CVE-2025-71287
Description
In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-71287
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-71287.html
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/f69535b77fa0518ad39870c00dd2995439ed5c34
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/b9eccd59697f7e1cb9a714501d9af826e7f7e073
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/9dae65913b32d05dbc8ff4b8a6bf04a0e49a8eb6
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/357e16a7fc9c1fef2ea37dce9bb6b9bcb1d1687d
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1f23a48ff2b8ab47e514f7c84a4b1dbf9b848168
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1288bb394d464975cea18f69940f206e235e0fe7
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/04057b86fdac3d4847913a97dc6552c0bff9b85e
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 6.1.170-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.19.6-1 |
| debian | sid | fixed | 6.19.6-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | affected | 5.15.203 |
References
- https://git.kernel.org/stable/c/04057b86fdac3d4847913a97dc6552c0bff9b85e
- https://git.kernel.org/stable/c/1288bb394d464975cea18f69940f206e235e0fe7
- https://git.kernel.org/stable/c/1f23a48ff2b8ab47e514f7c84a4b1dbf9b848168
- https://git.kernel.org/stable/c/357e16a7fc9c1fef2ea37dce9bb6b9bcb1d1687d
- https://git.kernel.org/stable/c/9dae65913b32d05dbc8ff4b8a6bf04a0e49a8eb6
- https://git.kernel.org/stable/c/b9eccd59697f7e1cb9a714501d9af826e7f7e073
- https://git.kernel.org/stable/c/f69535b77fa0518ad39870c00dd2995439ed5c34
- https://www.suse.com/security/cve/CVE-2025-71287.html
- https://security-tracker.debian.org/tracker/CVE-2025-71287
CWEs
CWE-401
Verify integrity in audit chain (admin only). AS-IS.