CVE-2025-23160

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A resource leak has been identified in the Linux kernel related to the system companion processor (SCP) on Mediatek devices. The issue arises during firmware initialization when the mtk scp structure is not explicitly removed, leading to a resource leak. The leak occurs if the allocation of the firmware structure fails.

Recommendations For the affected Linux kernel versions, ensure that the mtk scp structure is freed in case the allocation of the firmware structure fails during firmware initialization to prevent the resource leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Initialization

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665CWE-401

Related Identifiers

BDU:2026-02399

CVE-2025-23160

DLA-4328-1

DSA-6009-1

ECHO-E6CD-1A9F-924E

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:01967-1

SUSE-SU-2025:01972-1

SUSE-SU-2025:02000-1

SUSE-SU-2025:20408-1

SUSE-SU-2025:20413-1

SUSE-SU-2025:20419-1

SUSE-SU-2025:20421-1

SUSE-SU-2025_01951-1

SUSE-SU-2025_01964-1

SUSE-SU-2025_01965-1

SUSE-SU-2025_01967-1

SUSE-SU-2025_01972-1

SUSE-SU-2025_02000-1

USN-7594-1

USN-7594-2

USN-7594-3

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-23160

Weakness Enumeration

Related Identifiers

Affected Products

References · 2809