Description
In the Linux kernel, the following vulnerability has been resolved:

memory: mtk-smi: fix device leak on larb probe

Make sure to drop the reference taken when looking up the SMI device
during larb probe on late probe failure (e.g. probe deferral) and on
driver unbind.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory leak in the MediaTek SMI driver for the Linux kernel caused by failing to release references to the SMI device during late probe failures or driver unbind events. The leak can accumulate over time, potentially exhausting available kernel memory, which could lead to system instability, crashes, or a denial of service

Affected Systems

The driver is part of the Linux kernel’s MediaTek SMI implementation. All Linux kernel builds that include this driver—primarily distributions for MediaTek SoCs—are affected. The advisory does not specify exact kernel versions; therefore any version before the kernel commit that introduced the fix is vulnerable. Users should verify that their kernel contains the upstream patch

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity, and the EPSS score is < 1%. The vulnerability is not listed in CISA KEV. Because the flaw requires a failure during probe or unbind of the SMI device, exploitation would likely occur only in environments where the driver is loaded often or during boot, making accidental exploitation possible but difficult to trigger covertly. Nonetheless, the potential for memory exhaustion warrants patching as soon as possible

Generated by OpenCVE AI on May 13, 2026 at 20:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix (commit 04057b86f or later).
  • If upgrading the kernel is not immediately possible, temporarily disable the MediaTek SMI driver or ensure it is not loaded during boot by blacklisting the module.
  • Monitor system memory usage for signs of degradation and verify that the reference counter for SMI devices remains after repeated bind/unbind cycles.

Generated by OpenCVE AI on May 13, 2026 at 20:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 18:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 06 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind.
Title memory: mtk-smi: fix device leak on larb probe
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T21:57:17.006Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71287

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:27.857

Modified: 2026-05-13T18:42:19.490

Link: CVE-2025-71287

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2025-71287 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T20:15:04Z

Weaknesses