Null-Pointer Dereference Vulnerability in Linux Kernel - Affects bcm_vk Component
CVE-2025-71291

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2025-71291?

A vulnerability exists in the bcm_vk component of the Linux kernel, allowing for potential null-pointer dereferences when processing messages in the bcm_vk_read() function. If the pointer entry is NULL, the improper handling of related message structures could lead to system instability or crashes. The issue has been mitigated by enhancing the function to validate entries properly and handle messages using temporary variables, ensuring that critical information is safely accessed and preventing accidental dereferences to NULL pointers.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 741c5a3a0cd893a4218fc0fc8c18403e54fcfb22

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/741c5a3a0cd893a4218fc0fc8...

https://git.kernel.org/stable/c/ece3722169ba93734bfd1f062...

https://git.kernel.org/stable/c/aa97ccc3dc1eba9f4537f0410...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 6, 2026

CVE-2025-71291 Data

JSON