Cyber Resilience

CVE-2025-71122

High

Published: 14 January 2026

Published
14 January 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-71122 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-71122 is a vulnerability in the Linux kernel's iommufd selftest component, specifically an integer overflow in the IOMMU_TEST_OP_ADD_RESERVED operation. The issue allows math overflow in the test infrastructure, leading to corruption of the reserved interval tree and triggering a WARN_ON. It affects only test kernels configured with CONFIG_IOMMUFD_TEST enabled.

A local attacker with low privileges (PR:L) on an affected test kernel can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation causes the overflow, resulting in kernel warning and data structure corruption, with a CVSS v3.1 base score of 7.8 indicating high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

The provided references point to stable kernel commit patches that resolve the issue by adding validation of user input length in the test ioctl, preventing the overflow. These commits are available at git.kernel.org/stable for integration into affected kernels.

This vulnerability was discovered by the syzkaller fuzzer and is confined to test environments, with no indications of real-world exploitation.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree. This only effects test…

more

kernels with CONFIG_IOMMUFD_TEST. Validate the user input length in the test ioctl.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Integer overflow enables local low-priv exploitation leading to kernel data corruption on test kernels, directly mapping to exploitation for privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.19, 6.2 · 6.2.1 — 6.6.120 · 6.7 — 6.12.64 · 6.13 — 6.18.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates validation of user input lengths in the IOMMU_TEST_OP_ADD_RESERVED ioctl to directly prevent the integer overflow and subsequent reserved interval tree corruption.

prevent

Requires timely identification, reporting, and patching of flaws like this kernel integer overflow via stable commit fixes.

prevent

Enforces secure kernel configuration settings to disable unnecessary test features such as CONFIG_IOMMUFD_TEST, reducing exposure to the selftest vulnerability.

References