Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2025-71188

CVE-2025-71188

MEDIUM5.5

dmaengine: lpc18xx-dmamux: fix device leak on route allocation

Published Jan 31, 2026

Modified 2 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: lpc18xx-dmamux: fix device leak on route allocation

Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation.

Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference.

References

WEB

https://git.kernel.org/stable/c/1e47d80f6720f0224efd19bcf081d39637569c10

WEB

https://git.kernel.org/stable/c/3d396ebfb3049a2b5fac51d2c967db5114b685e8

WEB

https://git.kernel.org/stable/c/499ddae78c4baa9b94df76b2d2eb6b150d15377f

WEB

https://git.kernel.org/stable/c/992eb8055a6e5dbb808672d20d68e60d5a89b12b

WEB

https://git.kernel.org/stable/c/9fba97baa520c9446df51a64708daf27c5a7ed32

WEB

https://git.kernel.org/stable/c/adef147a8d8c3d767abf88ad2c381ffab2993086

WEB

https://git.kernel.org/stable/c/d4d63059dee7e7cae0c4d9a532ed558bc90efb55

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-71188

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJan 31, 2026

ModifiedFeb 9, 2026

CVE-2025-71188 | Mondoo Vulnerability Intelligence