Null Pointer Check Flaw in Linux Kernel's DPU Interface Affects Multiple Versions
CVE-2025-71138

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 14 January 2026

What is CVE-2025-71138?

A vulnerability was identified in the Linux kernel concerning the Direct Rendering Manager (DRM) which specifically affects the DRV/MSM/DPU subsystem. The issue arose from a missing NULL pointer check in the pingpong interface used for DPU encoder setups. This oversight occurs predominantly in the dpu_encoder_phys_wb_setup_ctl() method, presenting a potential risk of null pointer dereferences in certain circumstances. The recommended patch rectifies this issue, ensuring more robust checking during the interface's operations.

Affected Version(s)

Linux d7d0e73f7de33a2b9998b607707a3e944ef3b86d < 678d1c86566dfbb247ba25482d37fddde6140cc9

Linux d7d0e73f7de33a2b9998b607707a3e944ef3b86d < 471baae774a30a04cf066907b60eaf3732928cb7

Linux d7d0e73f7de33a2b9998b607707a3e944ef3b86d < 35ea3282136a630a3fd92b76f5a3a02651145ef1

References

https://git.kernel.org/stable/c/678d1c86566dfbb247ba25482...

https://git.kernel.org/stable/c/471baae774a30a04cf066907b...

https://git.kernel.org/stable/c/35ea3282136a630a3fd92b76f...

Timeline

Vulnerability published
Jan 14, 2026
Vulnerability Reserved
Jan 13, 2026

JSON