CVE-2025-71291 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() In the function bcm_vk_read(), the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause null-pointer dereferences: struct vk_msg_blk tmp_msg = entry->to_h_msg[0]; set_msg_id(&tmp_msg, entry->usr_msg_id); tmp_msg.size = entry->to_h_blks - 1; To prevent these possible null-pointer dereferences, copy to_h_msg, usr_msg_id, and to_h_blks from iter into temporary variables, and return these temporary variables to the application instead of accessing them through a potentially NULL entry.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd
https://git.kernel.org/stable/c/3842f93e6e29d5cc1dcb9e5bda70587b444bed69
https://git.kernel.org/stable/c/741c5a3a0cd893a4218fc0fc8c18403e54fcfb22
https://git.kernel.org/stable/c/aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb
https://git.kernel.org/stable/c/ba75ecb97d3f4e95d59002c13afb6519205be6cb
https://git.kernel.org/stable/c/ece3722169ba93734bfd1f06255e8ab7f19fe964

History

Wed, 06 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() In the function bcm_vk_read(), the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause null-pointer dereferences: struct vk_msg_blk tmp_msg = entry->to_h_msg[0]; set_msg_id(&tmp_msg, entry->usr_msg_id); tmp_msg.size = entry->to_h_blks - 1; To prevent these possible null-pointer dereferences, copy to_h_msg, usr_msg_id, and to_h_blks from iter into temporary variables, and return these temporary variables to the application instead of accessing them through a potentially NULL entry.
Title		misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd https://git.kernel.org/stable/c/3842f93e6e29d5cc1dcb9e5bda70587b444bed69 https://git.kernel.org/stable/c/741c5a3a0cd893a4218fc0fc8c18403e54fcfb22 https://git.kernel.org/stable/c/aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb https://git.kernel.org/stable/c/ba75ecb97d3f4e95d59002c13afb6519205be6cb https://git.kernel.org/stable/c/ece3722169ba93734bfd1f06255e8ab7f19fe964

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:32:23.223Z

Updated: 2026-05-06T11:32:23.223Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71291

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:28.330

Modified: 2026-05-06T13:07:51.607

Link: CVE-2025-71291

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T14:15:05Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object