CVE-2025-71081
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe. Make sure to drop the reference on platform probe failures (e.g. probe deferral) and on driver unbind. This also avoids a potential use-after-free in case the DAI is ever reprobed without first rebinding the platform driver.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-71081
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.15
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.4 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.160 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.120 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.64 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 4.15.1 (inc) to 5.15.198 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's ASoC stm32 sai driver involves a reference leak of the sync provider OF node during the probing of the platform device. The reference is only dropped if the set_sync() callback fails during DAI probe, but not on other probe failures or driver unbinds. This can lead to a use-after-free condition if the DAI is reprobed without rebinding the platform driver.

Impact Analysis

The impact of this vulnerability could include system instability or crashes due to use-after-free errors when the DAI is reprobed without proper driver rebinding. This could potentially affect the reliability of audio subsystem components relying on the stm32 sai driver.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the ASoC stm32 sai OF node leak on probe issue is fixed. This involves applying the patch that drops the reference on platform probe failures and on driver unbind to avoid use-after-free conditions. If updating immediately is not possible, avoid reprobe operations on the affected DAI without rebinding the platform driver first.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart