CVE Catalog

CVE-2025-71191

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

In the Linux kernel, the at_hdmac driver has a device reference leak in of_dma_xlate(). The reference taken when looking up the DMA platform device is not dropped after successful channel allocation, causing a memory leak.

Risk Assessment

This reference leak can gradually exhaust kernel memory, potentially leading to system instability or denial of service (DoS) on devices using the Atmel DMA controller.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit 3832b78b3ec2 or later), which ensures proper release of the device reference after DMA channel allocation.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed the leak in a couple of error paths but the reference is still leaking on successful allocation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS