CVE-2025-71188
BaseFortify
Publication date: 2026-01-31
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 4.3 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.7 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 5.11 (inc) to 5.15.199 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.162 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.122 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.67 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 4.3.1 (inc) to 5.10.249 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's dmaengine component, specifically in the lpc18xx-dmamux driver, involves a device reference leak during route allocation. The issue is that a reference to the DMA mux platform device was being held unnecessarily, which does not prevent the device's driver data from being removed. The fix ensures that this reference is properly dropped during route allocation to prevent the device leak.
How can this vulnerability impact me? :
The vulnerability can lead to a device reference leak in the Linux kernel, which may cause resource management issues such as memory leaks or instability in systems using the affected dmaengine driver. This could potentially degrade system performance or reliability.
What immediate steps should I take to mitigate this vulnerability?
Apply the updated Linux kernel patch that fixes the dmaengine lpc18xx-dmamux device leak on route allocation by ensuring the reference to the DMA mux platform device is properly dropped during route allocation.