Description
In the Linux kernel, the following vulnerability has been resolved:

memory: mtk-smi: fix device leaks on common probe

Make sure to drop the reference taken when looking up the SMI device
during common probe on late probe failure (e.g. probe deferral) and on
driver unbind.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The mtk-smi driver in the Linux kernel contains a flaw that retains a reference to the SMI device when a probe is deferred or the driver is unbound, causing a memory leak. This leak permits memory consumption to grow without bound, potentially leading to device corruption or a denial‑of‑service if the kernel exhausts available memory. The weakness corresponds to improper release of resources (CWE-911) and improper resource release (CWE-401).

Affected Systems

The issue applies to any Linux kernel that includes the unpatched mtk-smi driver. No explicit kernel version numbers are provided, so all kernels lacking the referenced commit remain at risk.

Risk and Exploitability

EPSS data indicates a very low likelihood of exploitation (score < 1%). The vulnerability is not listed in the CISA KEV catalog, suggesting no known public exploitation. The CVSS score of 5.5 reflects moderate severity. The likely attack vector is inferred to be local, where an attacker can induce a probe deferral or manually unbind the driver, leading to a memory leak that can grow unchecked. Repeated failures could exhaust kernel memory and cause a denial of service.

Generated by OpenCVE AI on May 13, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that incorporates the mtk-smi patch, ensuring that the commit adding the reference drop is present.
  • If updating the kernel is not feasible, unload or disable the mtk-smi driver module to eliminate the risk of memory leakage.
  • Monitor system logs for indications of late probe failures or driver unbinding events and investigate any abnormal SMI device reference counts.

Advisories

No advisories yet.

History

Wed, 13 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure (e.g. probe deferral) and on driver unbind.
Title memory: mtk-smi: fix device leaks on common probe
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T21:57:18.140Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71288

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:27.987

Modified: 2026-05-13T18:42:11.303

Link: CVE-2025-71288

Red Hat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2025-71288 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T20:45:04Z

Weaknesses