CVE-2025-71221

N/A Unknown

📋 TL;DR

A race condition in the Linux kernel's mmp_pdma_residue() function allows use-after-free when multiple threads access DMA descriptors while they're being freed. This affects systems using the mmp_pdma driver for DMA operations, potentially leading to kernel crashes or instability. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with mmp_pdma driver enabled
Versions: Kernel versions before the fix commit 9f665b3c3d9a168410251f27a5d019b7bf93185c
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CONFIG_MMP_PDMA is enabled and the driver is actively used. Most desktop/server distributions don't enable this by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic or system crash leading to denial of service, with potential for privilege escalation if memory corruption can be controlled.

🟠 Likely Case: System instability, kernel crashes, or application failures when DMA operations are heavily utilized with multiple threads.

🟢 If Mitigated: No impact if patched or if the vulnerable driver is not in use.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the race condition, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger DMA operations with multiple threads. Race conditions are timing-dependent and harder to reliably exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 9f665b3c3d9a168410251f27a5d019b7bf93185c

Vendor Advisory: https://git.kernel.org/stable/c/9f665b3c3d9a168410251f27a5d019b7bf93185c

Restart Required: Yes

Instructions:

  1. Update Linux kernel to version containing the fix commit.
  2. Reboot system to load new kernel.
  3. Verify the driver is no longer vulnerable.

🔧 Temporary Workarounds

Disable mmp_pdma driver

Linux

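Remove or blacklist the vulnerable driver if it is not needed. This works only when mmp_pdma is built as a loadable module; a driver compiled into the kernel cannot be unloaded or blacklisted, and rmmod fails while the module is in use.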

echo 'blacklist mmp_pdma' > /etc/modprobe.d/blacklist-mmp-pdma.conf
rmmod mmp_pdma

Limit DMA test threads

Linux

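Prevent the triggering condition by limiting concurrent DMA operations. This parameter belongs to the dmatest module, so it limits only dmatest's own threads and has no effect on other DMA clients.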

echo 1 > /sys/module/dmatest/parameters/threads_per_chan

🧯 If You Can't Patch

  • Avoid using the mmp_pdma DMA driver if possible
  • Restrict local user access to prevent triggering the race condition

🔍 How to Verify

Check if Vulnerable:

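Check whether the mmp_pdma module is loaded with lsmod | grep mmp_pdma, and check the kernel version against the patched versions. A driver compiled into the kernel does not appear in lsmod output, so an empty result alone does not rule out exposure.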

Check Version:

uname -r

Verify Fix Applied:

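A running kernel does not list the commits it was built from, so grepping for 9f665b3c3d9a168410251f27a5d019b7bf93185c in /proc/version_signature (an Ubuntu-specific file that holds only the version string) never matches. Get the running version with uname -r and confirm in your distribution's kernel changelog or security advisory that this version includes the fix commit.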
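
The exposure check described above can be scripted so that built-in and loadable builds of the driver are told apart. This is an added example, not part of the original advisory; the function names, verdict words and sample inputs are constructed, and it assumes the kernel build config and a /proc/modules-format listing are readable as files.

```shell
#!/bin/sh
# Added example: classify a host's exposure to the mmp_pdma driver.
# Function names and verdict words are hypothetical, chosen for illustration.

# Print y (built in), m (module) or n (not set) for CONFIG_MMP_PDMA.
mmp_pdma_config_state() {
    line=$(grep -E '^CONFIG_MMP_PDMA=' "$1" 2>/dev/null | tail -n 1)
    case "$line" in
        CONFIG_MMP_PDMA=y) echo y ;;
        CONFIG_MMP_PDMA=m) echo m ;;
        *) echo n ;;
    esac
}

# Succeed if a /proc/modules-format file lists mmp_pdma (exact name match,
# so a module whose name merely contains the string is not counted).
mmp_pdma_loaded() {
    awk '$1 == "mmp_pdma" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# builtin:   compiled in, rmmod/blacklist cannot help, only a fixed kernel
# loaded:    module is live now
# available: module was built but is not loaded
# absent:    driver not built and not loaded
mmp_pdma_exposure() {
    state=$(mmp_pdma_config_state "$1")
    if [ "$state" = y ]; then echo builtin
    elif mmp_pdma_loaded "$2"; then echo loaded
    elif [ "$state" = m ]; then echo available
    else echo absent
    fi
}

# Constructed sample inputs (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_DMADEVICES=y' 'CONFIG_MMP_PDMA=m' > "$demo/config.mod"
printf '%s\n' 'CONFIG_DMADEVICES=y' 'CONFIG_MMP_PDMA=y' > "$demo/config.builtin"
printf '%s\n' '# CONFIG_MMP_PDMA is not set' > "$demo/config.off"
printf '%s\n' 'dmatest 28672 0 - Live 0x0' 'mmp_pdma 16384 1 - Live 0x0' > "$demo/modules.loaded"
printf '%s\n' 'dmatest 28672 0 - Live 0x0' > "$demo/modules.clean"

echo "module build, loaded:   $(mmp_pdma_exposure "$demo/config.mod" "$demo/modules.loaded")"
echo "built in, not in lsmod: $(mmp_pdma_exposure "$demo/config.builtin" "$demo/modules.clean")"
```

On a real host the two arguments would typically be /boot/config-$(uname -r) and /proc/modules; a verdict other than absent still needs the kernel version checked against the fix commit.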

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Oops messages related to DMA or mmp_pdma
  • System crash logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("mmp_pdma" OR "DMA" OR "Oops" OR "kernel panic")
