CVE Catalog

CVE-2025-71186

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

In the Linux kernel, a device reference leak was found in the STM32 DMA MUX driver during route allocation. The allocation function failed to drop the reference taken when looking up the DMA mux platform device.

Risk Assessment

This reference leak can cause system instability, kernel resource exhaustion, and potentially a denial of service (DoS) on systems using the STM32 DMA MUX.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit 5c8b3b1a) or apply a security patch from your distribution vendor.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS