Skip to main content

Linux Kernel CVE-2025-71288

| EUVDEUVD-2025-209679 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-pw82-jcjx-2282
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:16 vuln.today
CVSS changed
May 13, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:02 EUVD
CVE Published
May 06, 2026 - 11:32 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

memory: mtk-smi: fix device leaks on common probe

Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure (e.g. probe deferral) and on driver unbind.

AnalysisAI

Resource leak in the Linux kernel's mtk-smi (MediaTek System Memory Interface) driver allows a local, low-privileged attacker on MediaTek SoC-based systems to cause a denial of service by exhausting kernel device references. The driver fails to call put_device() on the SMI device reference obtained during common probe when late probe failure (e.g., -EPROBE_DEFER) or driver unbind occurs, leaving dangling references that accumulate over repeated cycles. No public exploit identified at time of analysis and EPSS at 0.02% (7th percentile) indicates very low exploitation probability; patches are available across multiple stable branches.

Technical ContextAI

The mtk-smi driver manages the System Memory Interface interconnect on MediaTek SoCs, coordinating memory bandwidth and QoS between hardware blocks. During the common probe path, the driver performs a device lookup that increments an internal reference counter. CWE-401 (Missing Release of Memory after Effective Lifetime) is the root cause: on two specific exit paths - late probe deferral (returning -EPROBE_DEFER before full initialization) and driver unbind - the compensating put_device() call is absent, leaking the reference. CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* scopes this to the mainline Linux kernel tree from the introducing commit 47404757702ec8aa5c8310cdf58a267081f0ce6c onward across all stable series until the respective backport fixes. The bug is entirely within a platform driver for specialized hardware and has no network-facing attack surface.

RemediationAI

Upgrade to patched kernel versions: 6.1.167, 6.6.130, 6.12.77, 6.18.17, 6.19.6, or 7.0 depending on the active stable series. Upstream fix commits are available at https://git.kernel.org/stable/c/b8b2cf42b94c0a8efe43279643935256a6f58b9f and the five additional sibling commits listed in the references. Red Hat and SUSE users should apply kernel errata from their respective vendor channels as distribution-specific backports may differ from upstream versioning. As a compensating control on systems where immediate kernel upgrade is not feasible, preventing unprivileged users from triggering driver bind/unbind operations (e.g., restricting access to /sys/bus/platform/drivers/mtk-smi/) reduces exposure, though this may affect legitimate administrative operations. Systems not based on MediaTek SoC hardware are entirely unaffected and require no action.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71288 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy