CVE-2025-71189 Overview
A memory leak vulnerability has been discovered in the Linux kernel's DMA engine subsystem, specifically within the DesignWare DMA multiplexer (dw-dmamux) driver. The vulnerability occurs when the driver fails to properly release an Open Firmware (OF) node reference during route allocation failures, leading to a resource leak condition.
Critical Impact
This vulnerability can cause memory resource exhaustion on systems using the DesignWare DMA multiplexer driver, potentially leading to system instability or denial of service conditions over time.
Affected Products
- Linux Kernel with DesignWare DMA multiplexer driver enabled
- Systems using Device Tree configurations with DMA multiplexer functionality
- Embedded systems and SoCs utilizing the dw-dmamux driver
Discovery Timeline
- 2026-01-31 - CVE CVE-2025-71189 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2025-71189
Vulnerability Analysis
This vulnerability is classified as a Memory Leak affecting the Linux kernel's DMA engine subsystem. The issue resides in the DesignWare DMA multiplexer driver, which handles routing of DMA requests between peripherals and DMA controllers on systems using Device Tree configurations.
When a DMA route allocation request is initiated, the driver takes a reference to the DMA master's Open Firmware (OF) node. Under normal operation, this reference is properly managed and released when no longer needed. However, when a late-stage route allocation failure occurs, the code path fails to drop the previously acquired reference to the DMA master OF node.
This oversight results in the OF node reference count never being decremented, causing the node to remain allocated in kernel memory indefinitely. Over time, repeated allocation failures can accumulate orphaned references, consuming kernel memory resources.
Root Cause
The root cause is an improper cleanup path in the error handling logic of the DMA route allocation function. When allocation fails after the OF node reference has been taken, the error path does not include the necessary of_node_put() call to release the reference. This violates the kernel's reference counting semantics for Device Tree nodes, where every of_node_get() must have a corresponding of_node_put().
Attack Vector
This vulnerability requires local access to a system running an affected Linux kernel with the DesignWare DMA multiplexer driver enabled. An attacker could potentially trigger repeated DMA route allocation failures through specific system operations or by manipulating hardware states, though practical exploitation would be complex.
The vulnerability manifests in the dmaengine/dw/dmamux subsystem during route allocation failure scenarios. When a DMA route request fails after the driver has already obtained a reference to the DMA master's OF node, the cleanup code does not properly release this reference. The fix ensures that of_node_put() is called on the DMA master node in all failure paths.
For technical implementation details, see the Linux Kernel Commit 8f7a391.
Detection Methods for CVE-2025-71189
Indicators of Compromise
- Gradual increase in kernel memory usage over time without corresponding user-space memory growth
- Device Tree node reference count anomalies visible in kernel debugging output
- Kernel warnings or messages related to OF node reference leaks when CONFIG_OF_DYNAMIC debugging is enabled
Detection Strategies
- Monitor kernel memory statistics for unexplained growth in slab allocations related to Device Tree nodes
- Enable kernel tracing on of_node_get and of_node_put functions to identify imbalanced reference counting
- Review system logs for DMA route allocation failure messages that may indicate triggering conditions
Monitoring Recommendations
- Implement continuous monitoring of kernel memory utilization on systems using the DesignWare DMA driver
- Deploy kernel debugging configurations in test environments to detect reference counting issues
- Use kernel memory leak detection tools such as kmemleak to identify orphaned OF node allocations
How to Mitigate CVE-2025-71189
Immediate Actions Required
- Apply the official kernel patches from the Linux kernel stable tree immediately
- Review affected systems for signs of memory degradation that may indicate prior exploitation
- Consider rebooting affected systems after patching to reclaim any leaked memory resources
Patch Information
The Linux kernel maintainers have released patches to address this vulnerability. The fix ensures proper OF node reference handling in all error paths during DMA route allocation.
Apply the appropriate patch for your kernel version:
- Linux Kernel Commit 8f7a391
- Linux Kernel Commit db7c79c
- Linux Kernel Commit eabe40f
- Linux Kernel Commit ec25e60
Workarounds
- If immediate patching is not possible, consider periodic system reboots to clear accumulated memory leaks
- Disable or unload the dw-dmamux driver module if not required for system operation
- Monitor system memory usage and establish alerting thresholds for abnormal kernel memory consumption
# Check if the dw-dmamux driver is loaded
lsmod | grep dw_dmamux
# Monitor kernel memory usage
cat /proc/meminfo | grep -E "Slab|KernelStack"
# Enable kmemleak for debugging (requires CONFIG_DEBUG_KMEMLEAK)
echo scan > /sys/kernel/debug/kmemleak
cat /sys/kernel/debug/kmemleak
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
