Linux Kernel VFIO PCI Memory Leak Vulnerability During Power State Transitions

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's VFIO PCI implementation. This issue arises when the PCI device's power management state is transitioned from D0 to D3hot and back to D0. During this process, the VFIO driver saves the PCI state to a local variable but fails to free the allocated memory under certain conditions, leading to a memory leak. This vulnerability can be exploited by looping the state transitions, causing an out-of-memory situation.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the system to run out of memory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel VFIO PCI Memory Leak Vulnerability During Power State Transitions

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating