CVE-2025-71191
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-31

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed the leak in a couple of error paths but the reference is still leaking on successful allocation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-31
Last Modified
2026-03-25
Generated
2026-05-07
AI Q&A
2026-01-31
EPSS Evaluated
2026-05-05
NVD
CVE-2025-71191
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
linux linux_kernel 3.10
linux linux_kernel From 6.13 (inc) to 6.18.7 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.199 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.67 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 3.10.1 (inc) to 5.10.249 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a device reference leak in the Linux kernel's dmaengine at_hdmac driver. Specifically, during the of_dma_xlate() function, a reference to the DMA platform device is taken but not properly released when channel resources are freed. Although a previous fix addressed some error paths, the reference leak still occurs on successful allocation, potentially causing resource management issues.


How can this vulnerability impact me? :

The vulnerability can lead to a device reference leak in the Linux kernel, which may cause resource exhaustion or instability in systems using the affected dmaengine at_hdmac driver. Over time, this could degrade system performance or cause unexpected behavior due to unreleased device references.


What immediate steps should I take to mitigate this vulnerability?

Apply the Linux kernel update that includes the fix for the dmaengine at_hdmac device leak in of_dma_xlate(). This involves ensuring your kernel version includes the commit 3832b78b3ec2 or later, which adds the missing put_device() call to prevent the device reference leak.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart