CVE-2025-71191
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
In the Linux kernel, the at_hdmac driver has a device reference leak in of_dma_xlate(). The reference taken when looking up the DMA platform device is not dropped after successful channel allocation, causing a memory leak.
Risk Assessment
This reference leak can gradually exhaust kernel memory, potentially leading to system instability or denial of service (DoS) on devices using the Atmel DMA controller.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 3832b78b3ec2 or later), which ensures proper release of the device reference after DMA channel allocation.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed the leak in a couple of error paths but the reference is still leaking on successful allocation.

