Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Reference Count Leak Vulnerability in Intel Uncore Performance Events

Vulnerability

A reference count leak vulnerability has been identified in the Linux kernel's handling of Intel uncore performance events. This issue arises in the 'hswep_has_limit_sbox()' function, where the 'pci_get_device()' call increases the reference count of the returned device. The vulnerability requires a corresponding 'pci_dev_put()' call to decrease the reference count, which was initially missing. The issue affects several versions of the Linux kernel.

Impact

The vulnerability could lead to a reference count leak, potentially causing memory management issues.

Reproduction

The vulnerability can be reproduced by invoking the 'hswep_has_limit_sbox()' function within the Intel uncore performance events module. The function will read from the PCI configuration space of a device without properly releasing the device reference, leading to a reference count leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Sep 15, 2025, 6:38 PM
Updated: Sep 15, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.5
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.