What is CVE-2025-71064?

CVE-2025-71064 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.16 onward and patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-71064 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-71064?

CVE-2025-71064 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-71064?

Yes, CVE-2025-71064 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 4.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-71064 actively exploited?

CVE-2025-71064 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-71064

In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set to min(new_tqps, hdev->num_tqps); Therefore, kinfo->num_tqps may be smaller than hdev->num_tqps, which causes some hdev->htqp[i] to remain uninitialized in hclgevf_knic_setup(). Thus, this patch allocates hdev->htqp and kinfo->tqp using hdev->num_tqps, ensuring that the lengths of hdev->htqp and kinfo->tqp are consistent and that all elements are properly initialized.

Package Linux Kernel

Published 2026-01-13

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.16 and later are affected. Fixed in 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.64, 6.18.3, 6.19 and their respective stable series.

Affected from

≥ 4.16

Fixed in

✓ 5.10.248 5.10.x ✓ 5.15.198 5.15.x ✓ 6.1.160 6.1.x ✓ 6.6.120 6.6.x ✓ 6.12.64 6.12.x ✓ 6.18.3 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2025-71064 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1956d47a03eb625951e9e070db39fe2590e27510
Patch
Kernel patch commit
https://git.kernel.org/stable/c/429f946a7af3fbf08761d218746cd4afa80a7954
Patch
Kernel patch commit
https://git.kernel.org/stable/c/62f28d79a6186a602a9d926a2dbb5b12b6867df7
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-71064?

CVE-2025-71064 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.16 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-71064 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-71064?

Yes — CVE-2025-71064 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 4.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-71064 actively exploited?

No — CVE-2025-71064 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.