Linux Kernel Vulnerability in QRTR Client Driver for MHI Stacks
CVE-2025-71285

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2025-71285?

A vulnerability in the Linux kernel arises from the MHI stack's 'auto_queue' feature for IPCR DL channels, which can lead to race conditions between the MHI stack and client drivers. Specifically, when the auto_queue feature is enabled, the 'dl_callback' could be invoked before complete initialization of the client driver's structures — resulting in a potential NULL pointer dereference. This problem necessitates the removal of the 'auto_queue' feature, forcing the QRTR client driver to manually manage RX buffers. To counteract these race conditions, the QRTR driver should queue RX buffers based on the ring length during probe and appropriately recycle buffers in 'dl_callback' once consumed.

Affected Version(s)

Linux 227fee5fc99eeb74d43bf68832f6d59d30ac07d8 < 7bdff9b9b0c65ac7105416fe3a40686832515e20

Linux 227fee5fc99eeb74d43bf68832f6d59d30ac07d8 < 8c464e00e0754e016816b1860fa9592dcad80eb2

Linux 227fee5fc99eeb74d43bf68832f6d59d30ac07d8 < 51731792a25cb312ca94cdccfa139eb46de1b2ef

References

https://git.kernel.org/stable/c/7bdff9b9b0c65ac7105416fe3...

https://git.kernel.org/stable/c/8c464e00e0754e016816b1860...

https://git.kernel.org/stable/c/51731792a25cb312ca94cdccf...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 6, 2026

CVE-2025-71285 Data

JSON