Linux Kernel Refcount Leak Vulnerability in PM/devfreq Exynos PPMU

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's PM/devfreq subsystem, specifically within the Exynos PPMU component. The issue arises because the function 'of_get_devfreq_events_of_get_child_by_name()' returns a node pointer with an incremented reference count, which is not properly decremented in error paths, leading to a memory leak. The vulnerability has been addressed by adding the missing 'of_node_put()' call in the error handling paths.

Impact

Exploitation of this vulnerability could lead to a memory refcount leak, potentially causing memory management issues such as use-after-free vulnerabilities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Refcount Leak Vulnerability in PM/devfreq Exynos PPMU

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating