CVE-2025-71074

EPSS 0.02%
Veröffentlicht 13.01.2026 15:31:27
Zuletzt bearbeitet 23.01.2026 11:15:48
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

functionfs: fix the open/removal races

ffs_epfile_open() can race with removal, ending up with file->private_data
pointing to freed object.

There is a total count of opened files on functionfs (both ep0 and
dynamic ones) and when it hits zero, dynamic files get removed.
Unfortunately, that removal can happen while another thread is
in ffs_epfile_open(), but has not incremented the count yet.
In that case open will succeed, leaving us with UAF on any subsequent
read() or write().

The root cause is that ffs->opened is misused; atomic_dec_and_test() vs.
atomic_add_return() is not a good idea, when object remains visible all
along.

To untangle that
	* serialize openers on ffs->mutex (both for ep0 and for dynamic files)
	* have dynamic ones use atomic_inc_not_zero() and fail if we had
zero ->opened; in that case the file we are opening is doomed.
	* have the inodes of dynamic files marked on removal (from the
callback of simple_recursive_removal()) - clear ->i_private there.
	* have open of dynamic ones verify they hadn't been already removed,
along with checking that state is FFS_ACTIVE.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < e5bf5ee266633cb18fff6f98f0b7d59a62819eee

Version ddf8abd2599491cbad959c700b90ba72a5dce8d0

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.35

Status affected

Version < 2.6.35

Version 0

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/e5bf5ee266633cb18fff6f98f0b7d59a62819eee

https://nvd.nist.gov/vuln/detail/CVE-2025-71074

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71074

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71074

EUVD