Skip to main content

Linux Kernel EUVDEUVD-2025-209681

| CVE-2025-71290 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-xg3f-ph47-c5jv
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 11:44 vuln.today
CVSS changed
May 13, 2026 - 21:22 NVD
5.5 (MEDIUM)
CVE Published
May 06, 2026 - 11:32 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

misc: ti_fpc202: fix a potential memory leak in probe function

Use for_each_child_of_node_scoped() to simplify the code and ensure the device node reference is automatically released when the loop scope ends.

AnalysisAI

Memory exhaustion denial-of-service in the Linux kernel's ti_fpc202 misc driver allows a local low-privileged user to degrade system availability through a memory leak introduced in the probe function. The root cause is improper release of device tree child node references during driver initialization when iterating over nodes, classified as CWE-401 (Missing Release of Memory after Effective Lifetime). No active exploitation is confirmed - no public exploit identified at time of analysis - and the extremely low EPSS score of 0.02% (4th percentile) reflects the niche hardware dependency and local-only attack surface.

Technical ContextAI

The ti_fpc202 driver (drivers/misc/ti_fpc202.c) manages the Texas Instruments FPC202 USB Type-C port controller, a hardware component found in select embedded and industrial platforms. The vulnerability manifests in the driver's probe function, which enumerates child device tree nodes to configure hardware. Prior to the fix, the code used a standard iteration macro that did not automatically release the of_node reference upon early loop exit - a classic reference-counting bug in the Linux kernel device tree API (CWE-401). Each leaked reference retains kernel memory allocated for that node object, accumulating over repeated probe/unbind cycles. The fix replaces the iteration with for_each_child_of_node_scoped(), introduced in modern kernel releases to enforce automatic cleanup via scoped resource management. Affected CPE: cpe:2.3:a:linux:linux across all versions prior to the fix commits on kernel stable branches. The 'Information Disclosure' tag in the metadata appears inconsistent with the CVSS vector (C:N), which records no confidentiality impact - this likely reflects a tagging artifact rather than a confirmed data-leak scenario.

RemediationAI

The primary fix is upgrading to a patched Linux kernel release: version 6.18.16, 6.19.6, or 7.0, each containing the correction to use for_each_child_of_node_scoped() in the ti_fpc202 probe function. Upstream patch commits are available at https://git.kernel.org/stable/c/dad9f13d967b4e53e8eaf5f9c690f8e778ad9802 (6.18.x branch), https://git.kernel.org/stable/c/dd16f314cb10e6807c74402efdfa2cccc1f15907 (6.19.x branch), and https://git.kernel.org/stable/c/d2975604bf1ba36ffc5a08fe8da97fd63b91c4f1 (7.0 branch). For systems where an immediate kernel upgrade is operationally infeasible, a targeted workaround is to blacklist or unload the ti_fpc202 kernel module (modprobe -r ti_fpc202 and adding it to /etc/modprobe.d/blacklist.conf), which entirely eliminates the vulnerable code path; the trade-off is loss of TI FPC202 USB Type-C controller functionality. This workaround is only viable on platforms where that controller is non-critical to operations.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2025-209681 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy