CVE-2025-71189

MEDIUM

Linux Kernel 5.19.0-6.1.161, 6.2.0-6.6.121, 6.7.0-6.12.66, 6.13.0-6.18.6 - Use-After-Free in DMA Engine Route Allocation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/6b87288581a0fcbe54b39da5c10e1aee2df8776e

Patch

https://git.kernel.org/stable/c/8f7a391211381ed2f6802032c78c7820d166bc49

Patch

https://git.kernel.org/stable/c/eabe40f8a53c29f531e92778ea243e379f4f7978

Patch

https://git.kernel.org/stable/c/ec25e60f9f95464aa11411db31d0906b3fb7b9f2

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-253495.html

Patch

https://git.kernel.org/stable/c/db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 8.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (19)

linux/Kernel 5.19.0 - 6.1.162linux

linux/Kernel 6.13.0 - 6.18.7linux

linux/Kernel 6.2.0 - 6.6.122linux

linux/Kernel 6.7.0 - 6.12.67linux

Linux/Linux < 5.19

Linux/Linux 134d9c52fca26d2d199516e915da00f0cc6adc73 - 6b87288581a0fcbe54b39da5c10e1aee2df8776e

Linux/Linux 134d9c52fca26d2d199516e915da00f0cc6adc73 - 8f7a391211381ed2f6802032c78c7820d166bc49

Linux/Linux 134d9c52fca26d2d199516e915da00f0cc6adc73 - db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1

Linux/Linux 134d9c52fca26d2d199516e915da00f0cc6adc73 - eabe40f8a53c29f531e92778ea243e379f4f7978

Linux/Linux 134d9c52fca26d2d199516e915da00f0cc6adc73 - ec25e60f9f95464aa11411db31d0906b3fb7b9f2

... and 9 more

Published Jan 31, 2026

Tracked Since Feb 18, 2026