CVE-2025-71163
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
In the Linux kernel, a vulnerability in the idxd DMA driver causes device reference leaks during compat bind and unbind operations. Failure to release references leads to improper memory management.
Risk Assessment
Reference leaks can exhaust kernel memory, leading to system instability or denial of service (DoS) for processes using DMA.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit that removes the reference leak in the idxd driver).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.

