CVE-2025-71233

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel related to PCI endpoint sub-group creation. Asynchronous creation of sub-groups via delayed work could result in a NULL pointer dereference if the driver directory is removed before the work completes. This can be triggered by repeatedly creating and removing directories within the /sys/kernel/config/pci ep/functions/pci epf test directory. The fix involves using the configfs add default group() API instead of configfs register group() to avoid deadlocks and the need for a delayed work handler.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.