CVE Catalog

CVE-2025-71190

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability in the Linux kernel's BCM-SBA-RAID DMA driver causes a device reference leak during probe. The driver fails to drop the reference taken when looking up the mailbox device on probe failures or driver unbind.

Risk Assessment

This device reference leak can lead to system instability, kernel resource exhaustion, and potential memory management issues, which in extreme cases may result in denial of service (DoS).

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit 0b0b7a1c1e2f) or apply an appropriate backport. A system reboot is required after the update.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS