CVE-2025-71163Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime12 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJan 25
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

NVDlinux/linux_kernel5.155.15.199+5
Debianlinux/linux_kernel< 6.1.162-1+2
CVEListV5linux/linux6e7f3ee97bbe2c7d7a53b7dbd7a08a579e03c8c9b7bd948f89271c92d9ca9b2b682bfba56896e959+6
debiandebian/linux< linux 6.1.162-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-71163: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the2026-01-25
GHSA
GHSA-7pgx-8vw6-gxgv: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop th2026-01-25

📋Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16

🕵️Threat Intelligence

1
Wiz
CVE-2025-71163 Impact, Exploitability, and Mitigation Steps | Wiz