{"id":"CVE-2025-71073","summary":"Input: lkkbd - disable pending work before freeing device","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nInput: lkkbd - disable pending work before freeing device\n\nlkkbd_interrupt() schedules lk-\u003etq via schedule_work(), and the work\nhandler lkkbd_reinit() dereferences the lkkbd structure and its\nserio/input_dev fields.\n\nlkkbd_disconnect() and error paths in lkkbd_connect() free the lkkbd\nstructure without preventing the reinit work from being queued again\nuntil serio_close() returns. This can allow the work handler to run\nafter the structure has been freed, leading to a potential use-after-free.\n\nUse disable_work_sync() instead of cancel_work_sync() to ensure the\nreinit work cannot be re-queued, and call it both in lkkbd_disconnect()\nand in lkkbd_connect() error paths after serio_open().","modified":"2026-04-02T13:04:38.609952Z","published":"2026-01-13T15:31:26.771Z","related":["SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71073.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3a7cd1397c209076c371d53bf39a55c138f62342"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cffc4e29b1e2d44ab094cf142d7c461ff09b9104"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e58c88f0cb2d8ed89de78f6f17409d29cfab6c5c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71073.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71073"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"3a7cd1397c209076c371d53bf39a55c138f62342"},{"fixed":"cffc4e29b1e2d44ab094cf142d7c461ff09b9104"},{"fixed":"e58c88f0cb2d8ed89de78f6f17409d29cfab6c5c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71073.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.12"},{"fixed":"6.12.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71073.json"}}],"schema_version":"1.7.5"}