CVE-2025-71081 in Linux
Summary
by MITRE • 01/13/2026
In the Linux kernel, the following vulnerability has been resolved:
ASoC: stm32: sai: fix OF node leak on probe
The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe.
Make sure to drop the reference on platform probe failures (e.g. probe deferral) and on driver unbind.
This also avoids a potential use-after-free in case the DAI is ever reprobed without first rebinding the platform driver.
Analysis
by VulDB Data Team • 03/31/2026
The vulnerability CVE-2025-71081 addresses a memory management issue within the Linux kernel's sound subsystem, specifically affecting the stm32 sai audio driver implementation. This flaw represents a resource leak condition that occurs during device probe operations, where the device tree node reference for synchronization providers is not properly released under certain failure scenarios. The issue is classified as a memory leak according to CWE-404, which specifically deals with improper resource management and failure to release resources.
The technical implementation flaw stems from the Asynchronous Sound Configuration (ASoC) framework's stm32 sai driver where the reference counting mechanism for device tree nodes fails to account for all possible failure paths during platform device initialization. During the probe sequence, when the driver attempts to establish synchronization relationships with provider nodes through the device tree, it correctly releases references only when the set_sync() callback fails. However, this logic does not consider other failure conditions such as probe deferral scenarios or driver unbind operations, leading to dangling references that consume kernel memory resources.
The operational impact of this vulnerability manifests as a gradual memory consumption increase within the kernel's device tree subsystem, potentially leading to system instability or performance degradation over time. When multiple audio devices are probed repeatedly or when system resources become constrained, the accumulation of unreleased references can contribute to memory exhaustion conditions. This issue is particularly concerning in embedded systems or real-time applications where deterministic memory behavior is critical. The vulnerability also creates potential for use-after-free conditions as mentioned in the description, where accessing freed memory references could lead to kernel crashes or arbitrary code execution under specific circumstances.
Mitigation strategies should focus on ensuring proper reference counting throughout the driver's lifecycle, implementing comprehensive error handling for all probe failure paths, and maintaining consistent resource management practices. The fix requires updating the driver's probe function to always release the device tree node reference regardless of the specific failure condition encountered. This approach aligns with ATT&CK technique T1547.001, which covers registry run keys and startup folder, though in this case the focus is on proper resource cleanup rather than persistence mechanisms. System administrators should ensure kernel updates are applied promptly, and developers should apply the same reference counting patterns in other drivers to prevent comparable issues. The solution involves modifying the driver's platform probe logic to include reference release operations in all failure scenarios, including probe deferral and driver unbind events, thereby preventing the accumulation of unreleased device tree node references that could lead to memory exhaustion or system instability.
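The reference imbalance described above can be modelled in userspace C. This is an added example, not the kernel driver's code or the upstream patch: the names node, sai, plat_probe, dai_probe and plat_remove are hypothetical stand-ins, and a plain counter replaces the kernel's OF node reference counting.

```c
/* Userspace model of the reference-count pattern; not the driver's code. */
#include <stdbool.h>
#include <stdio.h>
struct node { int refs; };              /* stand-in for an OF node */
struct sai  { struct node *sync_np; };  /* hypothetical driver state */
/* Platform probe: takes the reference, then may fail (e.g. deferral). */
static void plat_probe(struct sai *s, struct node *np, bool fails, bool fixed)
{
    np->refs++;                 /* get */
    s->sync_np = np;
    if (fails && fixed)
        np->refs--;             /* fixed: put on probe failure */
}

/* DAI probe: pre-fix, the only place the reference was dropped. */
static void dai_probe(struct sai *s, bool set_sync_fails, bool fixed)
{
    if (set_sync_fails && !fixed)
        s->sync_np->refs--;     /* sync_np stays set afterwards */
}

/* Unbind: the fixed variant puts; pre-fix released nothing here. */
static void plat_remove(struct sai *s, bool fixed) { if (fixed) s->sync_np->refs--; }

/* References left after n failed probes and one bind/unbind cycle. */
static int leaked_refs(int n, bool fixed)
{
    struct node np = { 0 }; struct sai s = { 0 };
    for (int i = 0; i < n; i++)
        plat_probe(&s, &np, true, fixed);
    plat_probe(&s, &np, false, fixed);
    plat_remove(&s, fixed);
    return np.refs;
}

/* References held when the DAI is reprobed after set_sync() failed. */
static int refs_at_dai_reprobe(bool fixed)
{
    struct node np = { 0 }; struct sai s = { 0 };
    plat_probe(&s, &np, false, fixed);
    dai_probe(&s, true, fixed);
    return np.refs;             /* 0: sync_np used with no reference */
}

int main(void)
{
    printf("leaked:  before=%d after=%d\n", leaked_refs(3, false), leaked_refs(3, true));
    printf("reprobe: before=%d after=%d\n", refs_at_dai_reprobe(false), refs_at_dai_reprobe(true));
    return 0;
}
```

In the pre-fix model every failed probe and every bind/unbind cycle leaves one reference behind, and a DAI reprobe after a set_sync() failure finds the node pointer still set with no reference backing it.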