What is CVE-2025-71198?

CVE-2025-71198 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.5 onward and patched in 6.6.122, 6.12.68, 6.18.8 and others. CVE-2025-71198 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-71198?

CVE-2025-71198 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-71198?

Yes, CVE-2025-71198 has been patched. Fixed versions include 6.6.122, 6.12.68, 6.18.8 and others. If you are running Linux kernel 5.5 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-71198 actively exploited?

CVE-2025-71198 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-71198

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL event_spec field, indicating support for IIO events. However, event detection is not supported for all sensors, and if userspace tries to configure accelerometer wakeup events on a sensor device that does not support them (e.g. LSM6DS0), st_lsm6dsx_write_event() dereferences a NULL pointer when trying to write to the wakeup register. Define an additional struct iio_chan_spec array whose members have a NULL event_spec field, and use this array instead of st_lsm6dsx_acc_channels for sensors without event detection capability.

Package Linux Kernel

Published 2026-02-04

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.5 and later are affected. Fixed in 6.6.122, 6.12.68, 6.18.8, 6.19 and their respective stable series.

Affected from

≥ 5.5

Fixed in

✓ 6.6.122 6.6.x ✓ 6.12.68 6.12.x ✓ 6.18.8 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2025-71198 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/4d60ffcdedfe2cdb68a1cde19bb292bc67451629
Patch
Kernel patch commit
https://git.kernel.org/stable/c/7673167fac9323110973a3300637adba7d45de3a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/81ed6e42d6e555dd978c9dd5e3f7c20cb121221b
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-71198?

CVE-2025-71198 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.5 onward and has been patched in 6.6.122, 6.12.68, 6.18.8 and others. CVE-2025-71198 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-71198?

Yes — CVE-2025-71198 has been patched. Fixed versions include 6.6.122, 6.12.68, 6.18.8 and others. If you are running Linux kernel 5.5 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-71198 actively exploited?

No — CVE-2025-71198 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.