← Back

CVE-2025-71073

nvd nist
Published: Jan 13, 2026Modified: Jun 17, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields. lkkbd_disconnect() and error paths in lkkbd_connect() free the lkkbd structure without preventing the reinit work from being queued again until serio_close() returns. This can allow the work handler to run after the structure has been freed, leading to a potential use-after-free. Use disable_work_sync() instead of cancel_work_sync() to ensure the reinit work cannot be re-queued, and call it both in lkkbd_disconnect() and in lkkbd_connect() error paths after serio_open().

Affected (15)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 2.6.12.1 to 6.12.64
From 6.13 to 6.18.3
Version 2.6.12
Version 2.6.12 rc2
Version 2.6.12 rc3
Version 2.6.12 rc4
Version 2.6.12 rc5
Version 6.19 rc1
Version 6.19 rc2
Version 6.19 rc3
Version 6.19 rc4
Version 6.19 rc5
Version 6.19 rc6
Version 6.19 rc7
Version 6.19 rc8

References (3)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.