CVE-2025-71186
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
In the Linux kernel, a device reference leak was found in the STM32 DMA MUX driver during route allocation. The allocation function failed to drop the reference taken when looking up the DMA mux platform device.
Risk Assessment
This reference leak can cause system instability, kernel resource exhaustion, and potentially a denial of service (DoS) on systems using the STM32 DMA MUX.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 5c8b3b1a) or apply a security patch from your distribution vendor.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference.

