Skip to main content

Linux Kernel CVE-2025-71287

| EUVDEUVD-2025-209676 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-62g2-8mj9-vf3f
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:42 vuln.today
CVSS changed
May 13, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:02 EUVD
CVE Published
May 06, 2026 - 11:32 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

memory: mtk-smi: fix device leak on larb probe

Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind.

AnalysisAI

Device reference leak in the Linux kernel's MediaTek SMI (mtk-smi) memory driver can cause resource exhaustion and denial of service on affected MediaTek SoC-based systems. The flaw exists in the larb (Local Arbiter) probe path, where a reference acquired during SMI device lookup is never released when late probe failure occurs (e.g., probe deferral) or when the driver is unbound - leaving the kernel device struct's reference count permanently inflated. With EPSS at 0.02% (7th percentile), no KEV listing, and no public exploit identified at time of analysis, real-world exploitation risk is very low and narrowly scoped to hardware running MediaTek SoCs.

Technical ContextAI

The mtk-smi driver manages the MediaTek System Memory Interface, which arbitrates memory bandwidth across hardware blocks on MediaTek SoCs (ARM/ARM64 platforms, including Chromebooks and embedded devices). The larb (Local Arbiter) is a hardware subblock that routes memory transactions through the SMI fabric. During larb probe, the driver obtains a reference to the parent SMI device via a device lookup (effectively incrementing the struct device refcount). CWE-401 (Missing Release of Memory after Effective Lifetime) describes precisely what occurs: the driver fails to call the corresponding reference-drop function on two code paths - probe deferral (late failure) and driver unbind - leaving the reference permanently held and blocking proper resource cleanup. CPE cpe:2.3:a:linux:linux identifies the Linux kernel as the affected software component; only platforms with MediaTek SMI hardware instantiate this driver.

RemediationAI

The primary fix is upgrading the Linux kernel to a patched stable release: 5.15.203, 6.1.167, 6.6.130, 6.12.77, 6.18.17, 6.19.6, or 7.0. Individual fix commits are available in the Linux stable tree at git.kernel.org (commits 04057b86fdac, 357e16a7fc9c, b9eccd59697f, 1f23a48ff2b8, f69535b77fa0, 1288bb394d46, and 9dae65913b32). Distributions such as Red Hat and SUSE (noted in tags) should be consulted for their respective backported packages. As a compensating control where MediaTek SMI functionality is not required, adding 'blacklist mtk-smi' to /etc/modprobe.d/ prevents the driver from loading entirely, eliminating the vulnerable code path at the cost of disabling MediaTek memory interface management - this trade-off is acceptable only on systems where that hardware is absent or unused.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy