CVE-2025-71291

In the function bcmvkread(), the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause null-pointer dereferences:

struct vkmsgblk tmpmsg = entry->tohmsg[0]; setmsgid(&tmpmsg, entry->usrmsgid); tmpmsg.size = entry->toh_blks - 1;

To prevent these possible null-pointer dereferences, copy tohmsg, usrmsgid, and tohblks from iter into temporary variables, and return these temporary variables to the application instead of accessing them through a potentially NULL entry.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71291.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

88517757a829e9ce146a6c7233ad5dcdc66fcbb0

Fixed

741c5a3a0cd893a4218fc0fc8c18403e54fcfb22

Fixed

ece3722169ba93734bfd1f06255e8ab7f19fe964

Fixed

aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb

Fixed

3842f93e6e29d5cc1dcb9e5bda70587b444bed69

Fixed

20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd

Fixed

ba75ecb97d3f4e95d59002c13afb6519205be6cb

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71291.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.19.0

Fixed

6.1.165

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.128

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.75

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.16

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71291.json"