Bug 2440667 (CVE-2025-71233) - CVE-2025-71233 kernel: Linux kernel: Denial of Service via NULL pointer dereference in PCI endpoint configfs during asynchronous sub-group creation
Summary: CVE-2025-71233 kernel: Linux kernel: Denial of Service via NULL pointer deref...
Keywords:
Status: NEW
Alias: CVE-2025-71233
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-18 16:03 UTC by OSIDB Bzimport
Modified: 2026-02-19 18:29 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-02-18 16:03:34 UTC 
In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Avoid creating sub-groups asynchronously

The asynchronous creation of sub-groups by a delayed work could lead to a
NULL pointer dereference when the driver directory is removed before the
work completes.

The crash can be easily reproduced with the following commands:

  # cd /sys/kernel/config/pci_ep/functions/pci_epf_test
  # for i in {1..20}; do mkdir test && rmdir test; done

  BUG: kernel NULL pointer dereference, address: 0000000000000088
  ...
  Call Trace:
   configfs_register_group+0x3d/0x190
   pci_epf_cfs_work+0x41/0x110
   process_one_work+0x18f/0x350
   worker_thread+0x25a/0x3a0

Fix this issue by using configfs_add_default_group() API which does not
have the deadlock problem as configfs_register_group() and does not require
the delayed work handler.

[mani: slightly reworded the description and added stable list]
Comment 1 Alexander B 2026-02-18 20:22:45 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71233-0c35@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.