CVE-2025-71187 — Missing Release of Memory after Effective Lifetime in Linux

CWE-401 — Missing Release of Memory after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 99.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJan 31

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures (e.g. probe deferral).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.16.0 — 6.18.7

▶NVDlinux/linux_kernel6.16.1 — 6.18.7+2

▶Debianlinux/linux_kernel< 6.18.8-1

▶CVEListV5linux/linux7de873201c44bff5b42f2e560098d463843b8a4c — 926d1666420c227eab50962a8622c1b8444720e8+2

▶debiandebian/linux< linux 6.18.8-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2025-71187: In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the ref↗2026-01-31

▶

GHSA

GHSA-wg8p-rr8x-vm7c: In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the r↗2026-01-31

▶

OSV

dmaengine: sh: rz-dmac: fix device leak on probe failure↗2026-01-31

▶

📋Vendor Advisories

Red Hat

kernel: dmaengine: sh: rz-dmac: fix device leak on probe failure↗2026-01-31

▶

Debian

CVE-2025-71187: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-71187 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶