Linux Kernel PCI: Mediatek Refcount Leak Vulnerability

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's PCI subsystem for Mediatek devices. The issue arises in the mtk_pcie_subsys_powerup() function, where the of_find_compatible_node() function returns a node pointer with an incremented refcount. The vulnerability occurs because the refcount is not properly released after use. The missing of_node_put() call has been added to address this issue.

Impact

The vulnerability could lead to a memory management issue, where reference counts are not properly managed, potentially causing resource leaks or other unintended behavior in the PCI subsystem.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel PCI: Mediatek Refcount Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating