Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-71114

CVE-2025-71114: Linux Kernel VIA Watchdog DoS Vulnerability

CVE-2025-71114 is a denial of service flaw in the Linux kernel VIA watchdog driver that causes critical boot hangs due to unnamed resource allocation. This article covers the technical details, affected systems, and mitigation.

Published:

CVE-2025-71114 Overview

CVE-2025-71114 is a vulnerability in the Linux kernel affecting the VIA watchdog driver (via_wdt). The driver uses allocate_resource() to reserve a MMIO region for the watchdog control register; however, the allocated resource was not assigned a name. This causes the kernel resource tree to contain an entry marked as "<BAD>" under /proc/iomem on x86 platforms. During boot, this unnamed resource can lead to a critical hang because subsequent resource lookups and conflict checks fail to handle the invalid entry properly.

Critical Impact

Systems using the VIA watchdog driver may experience critical boot hangs due to improper resource allocation handling in the kernel, potentially causing system unavailability and denial of service conditions.

Affected Products

  • Linux kernel with VIA watchdog driver (via_wdt) enabled
  • x86 platforms utilizing VIA chipset watchdog functionality

Discovery Timeline

  • 2026-01-14 - CVE-2025-71114 published to NVD
  • 2026-01-19 - Last updated in NVD database

Technical Details for CVE-2025-71114

Vulnerability Analysis

This vulnerability exists in the Linux kernel's VIA watchdog driver implementation. When the driver initializes, it calls allocate_resource() to reserve a memory-mapped I/O (MMIO) region for the watchdog control register. The fundamental issue is that the resource structure passed to this function lacks a proper name assignment.

In the Linux kernel's resource management subsystem, resources displayed in /proc/iomem are expected to have valid names for identification and conflict resolution purposes. When a resource is allocated without a name, the kernel marks it as "<BAD>" in the resource tree. This malformed entry creates problems during subsequent resource operations where the kernel attempts to perform lookups or conflict checks against the resource tree.

The impact is particularly severe during system boot when multiple drivers and subsystems are simultaneously registering and querying resources. The invalid "<BAD>" entry can cause these operations to fail unexpectedly, resulting in a boot hang that leaves the system unresponsive.

Root Cause

The root cause is a missing name assignment for the resource structure used in the allocate_resource() call within the VIA watchdog driver. The driver developer did not set the name field of the resource structure before allocation, leading to an unnamed resource being inserted into the kernel's I/O memory resource tree. This is a straightforward oversight in resource initialization that has severe consequences for system stability.

Attack Vector

This vulnerability is triggered during normal system boot on x86 platforms with VIA chipsets where the watchdog driver is loaded. While not directly exploitable by remote attackers, the vulnerability causes a denial of service condition through system unavailability. Systems configured to automatically load the via_wdt module would be affected whenever the system boots, making this particularly impactful for unattended server environments and embedded systems.

The vulnerability manifests in the resource allocation code path where the driver fails to properly name the MMIO region. The fix involves assigning a descriptive name string to the resource before calling allocate_resource(). See the kernel git commits for the complete patch details.

Detection Methods for CVE-2025-71114

Indicators of Compromise

  • System boot failures or hangs on x86 platforms with VIA chipsets
  • Presence of "<BAD>" entries in /proc/iomem output
  • Kernel log messages indicating resource allocation failures during watchdog driver initialization
  • Systems failing to complete boot sequence when via_wdt module is loaded

Detection Strategies

  • Monitor system boot logs for kernel panics or hangs related to resource allocation
  • Check /proc/iomem for entries marked as "<BAD>" which indicate unnamed resources
  • Review loaded kernel modules for via_wdt on affected systems
  • Implement boot monitoring to detect systems that fail to complete initialization

Monitoring Recommendations

  • Configure kernel logging to capture resource allocation events during boot
  • Set up automated alerts for systems that fail to complete boot sequences
  • Regularly audit /proc/iomem output on systems using VIA hardware
  • Monitor system availability metrics to detect boot-related denial of service conditions

How to Mitigate CVE-2025-71114

Immediate Actions Required

  • Update the Linux kernel to a patched version that includes the fix for the VIA watchdog driver
  • If immediate patching is not possible, blacklist the via_wdt module to prevent it from loading during boot
  • Review systems with VIA chipsets for potential exposure to this vulnerability
  • Schedule maintenance windows to apply kernel updates on affected systems

Patch Information

The Linux kernel development team has released patches to address this vulnerability. The fix properly assigns a name to the resource structure before calling allocate_resource(), ensuring the resource tree contains valid entries.

Multiple kernel stable branches have been patched. Apply the appropriate fix for your kernel version:

Workarounds

  • Blacklist the via_wdt kernel module by adding blacklist via_wdt to /etc/modprobe.d/blacklist.conf
  • Disable watchdog functionality in BIOS/UEFI if the VIA watchdog is not required
  • Use an alternative software watchdog solution that does not rely on the VIA hardware
  • Boot with the modprobe.blacklist=via_wdt kernel parameter as a temporary measure
bash
# Temporary workaround: Blacklist the via_wdt module
echo "blacklist via_wdt" | sudo tee /etc/modprobe.d/blacklist-via-wdt.conf
sudo update-initramfs -u

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.