CVE-2025-71186

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1a179ac01ff3993ab97e33cc77c316ed7415cda1	Patch
https://git.kernel.org/stable/c/1dda2a32303df0091896b01a9d09070d61fa344c	Patch
https://git.kernel.org/stable/c/2fb10259d4efb4367787b5ae9c94192e8a91c648	Patch
https://git.kernel.org/stable/c/3b42020e6790a5e19b36c187ed5b488a5716f97f	Patch
https://git.kernel.org/stable/c/3ef52d31cce8ba816739085a61efe07b63c6cf27	Patch
https://git.kernel.org/stable/c/6393da54dcb3488c080a183c4182ddec71ba8d7f	Patch
https://git.kernel.org/stable/c/dd6e4943889fb354efa3f700e42739da9bddb6ef	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.15:-::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

25 Mar 2026, 18:43

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CWE		CWE-401
References	~~() https://git.kernel.org/stable/c/1a179ac01ff3993ab97e33cc77c316ed7415cda1 -~~	() https://git.kernel.org/stable/c/1a179ac01ff3993ab97e33cc77c316ed7415cda1 - Patch
References	~~() https://git.kernel.org/stable/c/1dda2a32303df0091896b01a9d09070d61fa344c -~~	() https://git.kernel.org/stable/c/1dda2a32303df0091896b01a9d09070d61fa344c - Patch
References	~~() https://git.kernel.org/stable/c/2fb10259d4efb4367787b5ae9c94192e8a91c648 -~~	() https://git.kernel.org/stable/c/2fb10259d4efb4367787b5ae9c94192e8a91c648 - Patch
References	~~() https://git.kernel.org/stable/c/3b42020e6790a5e19b36c187ed5b488a5716f97f -~~	() https://git.kernel.org/stable/c/3b42020e6790a5e19b36c187ed5b488a5716f97f - Patch
References	~~() https://git.kernel.org/stable/c/3ef52d31cce8ba816739085a61efe07b63c6cf27 -~~	() https://git.kernel.org/stable/c/3ef52d31cce8ba816739085a61efe07b63c6cf27 - Patch
References	~~() https://git.kernel.org/stable/c/6393da54dcb3488c080a183c4182ddec71ba8d7f -~~	() https://git.kernel.org/stable/c/6393da54dcb3488c080a183c4182ddec71ba8d7f - Patch
References	~~() https://git.kernel.org/stable/c/dd6e4943889fb354efa3f700e42739da9bddb6ef -~~	() https://git.kernel.org/stable/c/dd6e4943889fb354efa3f700e42739da9bddb6ef - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:4.15:-:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: dmaengine: stm32: dmamux: corregir fuga de dispositivo en la asignación de ruta Asegúrese de liberar la referencia tomada al buscar el dispositivo de plataforma DMA mux durante la asignación de ruta. Tenga en cuenta que mantener una referencia a un dispositivo no evita que los datos de su controlador desaparezcan, por lo que no tiene sentido mantener la referencia.

06 Feb 2026, 17:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/1dda2a32303df0091896b01a9d09070d61fa344c - () https://git.kernel.org/stable/c/3b42020e6790a5e19b36c187ed5b488a5716f97f - () https://git.kernel.org/stable/c/6393da54dcb3488c080a183c4182ddec71ba8d7f -

31 Jan 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-31 12:16

Updated : 2026-03-25 18:43

NVD link : CVE-2025-71186

Mitre link : CVE-2025-71186

CVE.ORG link : CVE-2025-71186

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10