PT-2026-4365 · Linux+2 · Linux Kernel+2

Published: 2025-01-01 · Updated: 2026-06-02 · CVE-2025-71152

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel has a flaw in the handling of references for DSA (Distributed Switch Architecture) conduits and their associated kobjects. Specifically, the OF (Device Tree) path does not release the reference count on the conduit's kobject, leading to potential memory leaks. Additionally, the conduit pointer within DSA can become stale if the conduit unregisters while DSA is still using it. This issue arises from incorrect reference management between the conduit net device and its kobject. The problem affects both OF and non-OF probing paths. The fix involves running of_find_net_device_by_node() under rtnl_lock() to prevent the conduit from unregistering unexpectedly, and ensuring proper reference tracking using the netdev tracker mechanism (dev_hold() and dev_put()). The CPU port must also maintain an explicit reference to the conduit to handle scenarios where user ports are moved between conduits or when LAG (Link Aggregation Group) conduits disappear.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

AZL-77319
AZL-78428
CVE-2025-71152
ECHO-E7D6-E744-9604
OESA-2026-1760
USN-8277-1
USN-8277-2
USN-8310-1
USN-8374-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu