CVE-2025-71114

Description

In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a MMIO region for the watchdog control register. However, the allocated resource was not given a name, which causes the kernel resource tree to contain an entry marked as "<BAD>" under /proc/iomem on x86 platforms. During boot, this unnamed resource can lead to a critical hang because subsequent resource lookups and conflict checks fail to handle the invalid entry properly.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE

Linux kernel via_wdt driver (unspecified versions prior to patch)

x86 platforms with VIA hardware

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-71114 PoC - Demonstrates the via_wdt resource allocation issue
// This PoC shows how the unnamed resource causes issues in /proc/iomem

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * PoC for CVE-2025-71114
 * 
 * This vulnerability occurs in Linux kernel's via_wdt driver where
 * allocate_resource() is called without setting the resource name,
 * resulting in a <BAD> entry in /proc/iomem.
 * 
 * To verify the vulnerability:
 * 1. Load the via_wdt kernel module
 * 2. Check /proc/iomem for <BAD> entries
 * 3. Observe potential boot hang on systems with this driver
 * 
 * Root cause: Missing .name assignment in struct resource
 * 
 * Example vulnerable code pattern:
 * 
 * struct resource *res;
 * res = allocate_resource(&iomem_resource, ...);
 * // Missing: res->name = "via-wdt";
 * 
 * Fixed code:
 * struct resource *res;
 * res = allocate_resource(&iomem_resource, ...);
 * res->name = "via-wdt";  // Add this line
 */

int main() {
    printf("CVE-2025-71114 PoC\n");
    printf("========================\n\n");
    printf("Vulnerability: Linux kernel via_wdt unnamed resource allocation\n");
    printf("Severity: MEDIUM (CVSS 5.5)\n");
    printf("Impact: Local DoS (system boot hang)\n\n");
    printf("Technical Details:\n");
    printf("- Driver: drivers/watchdog/via_wdt.c\n");
    printf("- Issue: allocate_resource() without setting .name\n");
    printf("- Result: <BAD> entry in /proc/iomem\n");
    printf("- Consequence: Resource lookup failure during boot\n\n");
    printf("Verification Steps:\n");
    printf("1. Check if via_wdt module exists: modinfo via_wdt\n");
    printf("2. Load the module: modprobe via_wdt\n");
    printf("3. Check iomem: cat /proc/iomem | grep -i bad\n");
    printf("4. Check dmesg for resource allocation messages\n\n");
    printf("Patch Reference:\n");
    printf("https://git.kernel.org/stable/c/1d56025a3af50db0f3da2792f41eb9943eee5324\n");
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-71114
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-71114
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-71114/
[4] VulDB https://vuldb.com/cve/CVE-2025-71114
[5] https://git.kernel.org/stable/c/1d56025a3af50db0f3da2792f41eb9943eee5324
[6] https://git.kernel.org/stable/c/47c910965c936724070d2a8094a4c3ed8f452856
[7] https://git.kernel.org/stable/c/7aa31ee9ec92915926e74731378c009c9cc04928
[8] https://git.kernel.org/stable/c/c6a2dd4f2e4e6cbdfe7a1618160281af897b75db
[9] https://git.kernel.org/stable/c/c7b986adc9e9336066350542ac5a2005d305ae78
[10] https://git.kernel.org/stable/c/d2c7c90aca7b37f60f16b2bedcfeb16204f2f35d
[11] https://git.kernel.org/stable/c/f7b6370d0fbee06a867037d675797a606cb62e57

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-71114", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-01-14T15:16:01.063", "lastModified": "2026-03-25T19:00:59.403", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvia_wdt: fix critical boot hang due to unnamed resource allocation\n\nThe VIA watchdog driver uses allocate_resource() to reserve a MMIO\nregion for the watchdog control register. However, the allocated\nresource was not given a name, which causes the kernel resource tree\nto contain an entry marked as \"<BAD>\" under /proc/iomem on x86\nplatforms.\n\nDuring boot, this unnamed resource can lead to a critical hang because\nsubsequent resource lookups and conflict checks fail to handle the\ninvalid entry properly."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nvia_wdt: corrige un cuelgue crítico de arranque debido a la asignación de recursos sin nombre\n\nEl controlador de watchdog de VIA utiliza allocate_resource() para reservar una región MMIO para el registro de control del watchdog. Sin embargo, al recurso asignado no se le dio un nombre, lo que provoca que el árbol de recursos del kernel contenga una entrada marcada como '' bajo /proc/iomem en plataformas x86.\n\nDurante el arranque, este recurso sin nombre puede provocar un cuelgue crítico porque las búsquedas de recursos y las comprobaciones de conflictos posteriores no logran manejar la entrada inválida correctamente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3.1", "versionEndExcluding": "5.10.248", "matchCriteriaId": "48D36906-151F-46FF-9D45-9C3C04299842"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.198", "matchCriteriaId": "82159CAA-B6BA-43C6-85D8-65BDBC175A7E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.160", "matchCriteriaId": "C10CC03E-16A9-428A-B449-40D3763E15F6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.120", "matchCriteriaId": "43C3A206-5EEE-417B-AA0F-EF8972E7A9F0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.64", "matchCriteriaId": "32BF4A52-377C-44ED-B5E6-7EA5D896E98B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.3", "matchCriteriaId": "2DC484D8-FB4F-4112-900F-AE333B6FE7A7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:-:*:*:*:*:*:*", "matchCriteriaId": "938CA222-4FA5-49B6-B828-242572B8208E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1d56025a3af50db0f3da2792f41eb9943eee5324", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url ... (truncated)