{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0"
            },
            {
              "fixed": "741c5a3a0cd893a4218fc0fc8c18403e54fcfb22"
            },
            {
              "fixed": "ece3722169ba93734bfd1f06255e8ab7f19fe964"
            },
            {
              "fixed": "aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb"
            },
            {
              "fixed": "3842f93e6e29d5cc1dcb9e5bda70587b444bed69"
            },
            {
              "fixed": "20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd"
            },
            {
              "fixed": "ba75ecb97d3f4e95d59002c13afb6519205be6cb"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.19.0"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.16"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71291.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()\n\nIn the function bcm_vk_read(), the pointer entry is checked, indicating\nthat it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the\nfollowing code may cause null-pointer dereferences:\n\n  struct vk_msg_blk tmp_msg = entry-\u003eto_h_msg[0];\n  set_msg_id(\u0026tmp_msg, entry-\u003eusr_msg_id);\n  tmp_msg.size = entry-\u003eto_h_blks - 1;\n\nTo prevent these possible null-pointer dereferences, copy to_h_msg,\nusr_msg_id, and to_h_blks from iter into temporary variables, and return\nthese temporary variables to the application instead of accessing them\nthrough a potentially NULL entry.",
  "id": "CVE-2025-71291",
  "modified": "2026-07-08T05:39:27.830861803Z",
  "published": "2026-05-06T11:32:23.223Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3842f93e6e29d5cc1dcb9e5bda70587b444bed69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/741c5a3a0cd893a4218fc0fc8c18403e54fcfb22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba75ecb97d3f4e95d59002c13afb6519205be6cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ece3722169ba93734bfd1f06255e8ab7f19fe964"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71291.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71291"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()"
}