{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71071","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:30:19.647Z","datePublished":"2026-01-13T15:31:25.400Z","dateUpdated":"2026-05-11T21:54:10.636Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:54:10.636Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: fix use-after-free on probe deferral\n\nThe driver is dropping the references taken to the larb devices during\nprobe after successful lookup as well as on errors. This can\npotentially lead to a use-after-free in case a larb device has not yet\nbeen bound to its driver so that the iommu driver probe defers.\n\nFix this by keeping the references as expected while the iommu driver is\nbound."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/mtk_iommu.c"],"versions":[{"version":"8412e5dd24ffc8bc21a00bfaa0b80d4596cdc9da","lessThan":"896ec55da3b90bdb9fc04fedc17ad8c359b2eee5","status":"affected","versionType":"git"},{"version":"26593928564cf5b576ff05d3cbd958f57c9534bb","lessThan":"5c04217d06a1161aaf36267e9d971ab6f847d5a7","status":"affected","versionType":"git"},{"version":"26593928564cf5b576ff05d3cbd958f57c9534bb","lessThan":"1ef70a0b104ae8011811f60bcfaa55ff49385171","status":"affected","versionType":"git"},{"version":"26593928564cf5b576ff05d3cbd958f57c9534bb","lessThan":"f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a","status":"affected","versionType":"git"},{"version":"26593928564cf5b576ff05d3cbd958f57c9534bb","lessThan":"de83d4617f9fe059623e97acf7e1e10d209625b5","status":"affected","versionType":"git"},{"version":"51080de72e26771f0ed9d44982974279ccbc92b8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/mtk_iommu.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.64","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.3","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.2","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/896ec55da3b90bdb9fc04fedc17ad8c359b2eee5"},{"url":"https://git.kernel.org/stable/c/5c04217d06a1161aaf36267e9d971ab6f847d5a7"},{"url":"https://git.kernel.org/stable/c/1ef70a0b104ae8011811f60bcfaa55ff49385171"},{"url":"https://git.kernel.org/stable/c/f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a"},{"url":"https://git.kernel.org/stable/c/de83d4617f9fe059623e97acf7e1e10d209625b5"}],"title":"iommu/mediatek: fix use-after-free on probe deferral","x_generator":{"engine":"bippy-1.2.0"}}}}