CVE-2025-71071
Published: 13 January 2026
Summary
CVE-2025-71071 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-71071 is a use-after-free vulnerability in the MediaTek IOMMU driver within the Linux kernel. The issue arises during driver probe when references to LARB devices, taken during successful lookup, are prematurely dropped both after success and on errors. This can lead to a use-after-free if a LARB device has not yet been bound to its driver, causing the IOMMU driver probe to defer. The vulnerability is classified under CWE-416 and was published on 2026-01-13.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8). Successful exploitation could allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system compromise within the kernel context.
Mitigation requires applying the upstream Linux kernel patches from the stable repository. Key fixes include commits such as 1ef70a0b104ae8011811f60bcfaa55ff49385171, 5c04217d06a1161aaf36267e9d971ab6f847d5a7, 896ec55da3b90bdb9fc04fedc17ad8c359b2eee5, de83d4617f9fe059623e97acf7e1e10d209625b5, and f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a, which ensure references to LARB devices are retained while the IOMMU driver remains bound.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2267
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors. This can potentially…
more
lead to a use-after-free in case a larb device has not yet been bound to its driver so that the iommu driver probe defers. Fix this by keeping the references as expected while the iommu driver is bound.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel use-after-free in IOMMU driver directly enables exploitation for privilege escalation to achieve arbitrary code execution and full system compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely remediation of the use-after-free vulnerability in the MediaTek IOMMU driver by applying the upstream Linux kernel patches.
Kernel memory protections mitigate exploitation of the use-after-free by preventing unauthorized access, modification, or execution of freed LARB device reference memory.
Vulnerability scanning and monitoring identify the presence of CVE-2025-71071 in deployed Linux kernels to enable proactive patching.