Description
In the Linux kernel, the following vulnerability has been resolved:

misc: ti_fpc202: fix a potential memory leak in probe function

Use for_each_child_of_node_scoped() to simplify the code and ensure the
device node reference is automatically released when the loop scope
ends.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A potential memory leak exists in the Linux kernel’s ti_fpc202 driver when the probe function does not correctly release device node references. The kernel patch replaces manual handling with for_each_child_of_node_scoped(), automatically freeing references at the end of the loop. If this flaw remains, repeated device scans could consume kernel memory, leading to kernel instability, crashes, or a denial‑of‑service scenario. The vulnerability does not provide a direct path to gaining code execution, but the loss of kernel memory can degrade overall system reliability.

Affected Systems

All Linux kernel installations that include the ti_fpc202 driver are affected, as the issue targets the generic kernel code rather than a specific distribution version. Since the driver is part of the default kernel tree, any system running a kernel build that predates the patch is potentially vulnerable. The vendor is the Linux community, and the fix is delivered through the upstream kernel release process.

Risk and Exploitability

The CVSS score is not listed, and no EPSS data is available, so the exploitation likelihood based on public data is low. The flaw requires local privilege or kernel execution to repeatedly invoke the probe function. The likely attack vector is a locally privileged user or a user running code that can trigger the driver’s probe routine. If the flaw is exercised, the resulting memory exhaustion could lead to kernel instability, crashes, or a denial‑of‑service scenario. It is not listed in CISA’s KEV catalog and no publicly available exploits are known.

Generated by OpenCVE AI on May 6, 2026 at 14:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the commit from c/d2975604bf1ba36ffc5a08fe8da97fd63b91c4f1 or later, ensuring the ti_fpc202 driver incorporates the automatic reference release change.
  • If a kernel update is not immediately possible, manually patch the kernel source by applying the diff from the referenced commit and rebuild the kernel, then load the updated module.
  • Until a kernel update is available, disable the ti_fpc202 driver or use a kernel boot parameter to prevent its loading, thereby avoiding repeated probe executions that could trigger the leak.

Generated by OpenCVE AI on May 6, 2026 at 14:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
CWE-772

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: misc: ti_fpc202: fix a potential memory leak in probe function Use for_each_child_of_node_scoped() to simplify the code and ensure the device node reference is automatically released when the loop scope ends.
Title misc: ti_fpc202: fix a potential memory leak in probe function
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:32:22.378Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71290

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:28.210

Modified: 2026-05-06T13:07:51.607

Link: CVE-2025-71290

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T14:30:05Z

Weaknesses