CVE-2025-71190
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability in the Linux kernel's BCM-SBA-RAID DMA driver causes a device reference leak during probe. The driver fails to drop the reference taken when looking up the mailbox device on probe failures or driver unbind.
Risk Assessment
This device reference leak can lead to system instability, kernel resource exhaustion, and potential memory management issues, which in extreme cases may result in denial of service (DoS).
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 0b0b7a1c1e2f) or apply an appropriate backport. A system reboot is required after the update.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind.

