Linux Kernel Firmware Loader Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been addressed in the Linux kernel's firmware loader component. During the firmware upload process, an instance of the 'fw_upload' structure is allocated but not properly freed, leading to a memory leak. The vulnerability arises because the allocated data needs to be released in the 'fw_dev_release()' function. To resolve this issue, a new 'fw_upload_free()' function has been created in 'sysfs_upload.c' to manage the specific memory deallocation for firmware uploads, incorporating the necessary 'kfree' call for the 'fw_upload' structure.

Impact

Exploitation of this vulnerability could lead to a memory leak, causing increased memory usage and potentially leading to a denial-of-service condition.

Added: Jun 18, 2025, 10:04 PM

Updated: Jun 18, 2025, 10:04 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Firmware Loader Memory Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating