CVE-2025-71221

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the mmp pdma residue() function within the dmaengine subsystem of the Linux kernel. This condition can lead to a use-after-free issue when accessing the descriptor list and its contents. The race occurs when multiple threads call tx status() concurrently with a tasklet freeing completed descriptors on another CPU. Specifically, the issue arises when accessing sw->desc after the memory it points to has been freed by dma pool free(sw). The problem can be reproduced by running dmatest on the same channel with multiple threads where threads per chan is greater than 1. The fix involves protecting the iteration of the chain running list and access to descriptors with the chan->desc lock spinlock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.