CVE-2025-71073

EPSS 0.02%
Veröffentlicht 13.01.2026 15:31:26
Zuletzt bearbeitet 25.03.2026 19:10:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

Input: lkkbd - disable pending work before freeing device

In the Linux kernel, the following vulnerability has been resolved:

Input: lkkbd - disable pending work before freeing device

lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work
handler lkkbd_reinit() dereferences the lkkbd structure and its
serio/input_dev fields.

lkkbd_disconnect() and error paths in lkkbd_connect() free the lkkbd
structure without preventing the reinit work from being queued again
until serio_close() returns. This can allow the work handler to run
after the structure has been freed, leading to a potential use-after-free.

Use disable_work_sync() instead of cancel_work_sync() to ensure the
reinit work cannot be re-queued, and call it both in lkkbd_disconnect()
and in lkkbd_connect() error paths after serio_open().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 15 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.12.1 < 6.12.64

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.3

Linux ≫ Linux Kernel Version2.6.12 Update-

Linux ≫ Linux Kernel Version2.6.12 Updaterc2

Linux ≫ Linux Kernel Version2.6.12 Updaterc3

Linux ≫ Linux Kernel Version2.6.12 Updaterc4

Linux ≫ Linux Kernel Version2.6.12 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc1

Linux ≫ Linux Kernel Version6.19 Updaterc2

Linux ≫ Linux Kernel Version6.19 Updaterc3

Linux ≫ Linux Kernel Version6.19 Updaterc4

Linux ≫ Linux Kernel Version6.19 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc6

Linux ≫ Linux Kernel Version6.19 Updaterc7

Linux ≫ Linux Kernel Version6.19 Updaterc8

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.061

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/3a7cd1397c209076c371d53bf39a55c138f62342

Patch

https://git.kernel.org/stable/c/cffc4e29b1e2d44ab094cf142d7c461ff09b9104

Patch

https://git.kernel.org/stable/c/e58c88f0cb2d8ed89de78f6f17409d29cfab6c5c

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-71073

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71073

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71073

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-71073