Linux Kernel Xillybus Refcount Leak Vulnerability

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's xillybus character driver. The issue arises in the xillyusb_probe function, where usb_get_dev is called, but usb_put_dev is not properly invoked before releasing the device, leading to a reference count leak.

Impact

The vulnerability causes a refcount leak, which can potentially be exploited to cause a use-after-free condition or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Xillybus Refcount Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating