CVE Catalog

CVE-2025-71163

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the idxd DMA driver causes device reference leaks during compat bind and unbind operations. Failure to release references leads to improper memory management.

Risk Assessment

Reference leaks can exhaust kernel memory, leading to system instability or denial of service (DoS) for processes using DMA.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit that removes the reference leak in the idxd driver).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS