Linux Kernel Crash from Uninitialized cpu_tasks[] in Kcov
CVE-2025-71115 Published on January 14, 2026
um: init cpu_tasks[] earlier
In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e.g. with
KCOV enabled we'll crash because some init code can call
into e.g. memparse(), which has coverage annotations, and
then the checks in check_kcov_mode() crash because current
is NULL.
Simply initialize the cpu_tasks[] array statically, which
fixes the crash. For the later SMP work, it seems to have
not really caused any problems yet, but initialize all of
the entries anyway.
Products Associated with CVE-2025-71115
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 2f681ba4b352cdd5658ed2a96062375a12839755 and below dbbf6d47130674640cd12a0781a0fb2a575d0e44 is affected.
- Version 2f681ba4b352cdd5658ed2a96062375a12839755 and below 7b5d4416964c07c902163822a30a622111172b01 is affected.
- Version 6.13 is affected.
- Before 6.13 is unaffected.
- Version 6.18.3, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.