HOMEVULNERABILITIESCVE-2025-71200
NONE

CVE-2025-71200

Published: February 14, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode

When operating in HS200 or HS400 timing modes, reducing the clock frequency

below 52MHz will lead to link broken as the Rockchip DWC MSHC controller

requires maintaining a minimum clock of 52MHz in these modes.

Add a check to prevent illegal clock reduction through debugfs:

root@debian:/# echo 50000000 > /sys/kernel/debug/mmc0/clock

root@debian:/# [ 30.090146] mmc0: running CQE recovery

mmc0: cqhci: Failed to halt

mmc0: cqhci: spurious TCN for tag 0

WARNING: drivers/mmc/host/cqhci-core.c:797 at cqhci_irq+0x254/0x818, CPU#1: kworker/1:0H/24

Modules linked in:

CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0H Not tainted 6.19.0-rc1-00001-g09db0998649d-dirty #204 PREEMPT

Hardware name: Rockchip RK3588 EVB1 V10 Board (DT)

Workqueue: kblockd blk_mq_run_work_fn

pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)

pc : cqhci_irq+0x254/0x818

lr : cqhci_irq+0x254/0x818

...

NVD Source

Technical Analysis

CVE-2025-71200 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
LinuxDebian
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (5)

Quick Facts

CVE IDCVE-2025-71200
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-71200 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.