PCI: endpoint: Add missing NULL check for alloc_workqueue()

Summary

CVE	CVE-2025-71313
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-03 18:16:19 UTC
Updated	2026-06-05 20:51:20 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue_work() is later called with the NULL workqueue pointer in epf_ntb_epc_init(). Add a NULL check immediately after alloc_workqueue() and return -ENOMEM on failure to prevent the driver from loading with an invalid workqueue pointer.

Risk And Classification

EPSS: 0.000180000 probability, percentile 0.051530000 (date 2026-06-05)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 8b821cf761503b80d0bd052f932adfe1bc1a0088 314eab6740bcda504ef978be599f805de05ce6de git	Not specified
CNA	Linux	Linux	affected 8b821cf761503b80d0bd052f932adfe1bc1a0088 03f336a869b3a3f119d3ae52ac9723739c7fb7b6 git	Not specified
CNA	Linux	Linux	affected 5.12	Not specified
CNA	Linux	Linux	unaffected 5.12 semver	Not specified
CNA	Linux	Linux	unaffected 6.19.4 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/03f336a869b3a3f119d3ae52ac9723739c7fb7b6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/314eab6740bcda504ef978be599f805de05ce6de	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.