CVE-2025-71073

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the handling of pending work in the lkkbd driver. Specifically, the lkkbd interrupt() function schedules a task via schedule work(), and the associated work handler, lkkbd reinit(), dereferences the lkkbd structure. The lkkbd disconnect() function and error paths within lkkbd connect() can free the lkkbd structure without preventing the reinit work from being queued, potentially leading to a use-after-free condition if the work handler runs after the structure has been freed. The issue arises because cancel work sync() was used instead of disable work sync(), which does not prevent the re-queueing of the work.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.