Linux Kernel Refcount Leak Vulnerability in Lantiq GSWIP DSA Driver

Vulnerability

A refcount leak vulnerability has been identified in the Lantiq GSWIP DSA driver of the Linux kernel. The issue arises because the function 'for_each_available_child_of_node()' decrements the reference count of the previous node with each iteration. When the loop is exited early, the reference count of the last node is not properly released, leading to a memory leak. The vulnerability has been addressed by adding the missing 'of_node_put()' call to ensure the reference count is correctly managed.

Impact

Exploitation of this vulnerability could lead to a memory leak, where reference counts are not properly released, potentially causing increased memory usage and related issues.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Refcount Leak Vulnerability in Lantiq GSWIP DSA Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating