Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel OCXL driver, specifically related to improper management of PCI device reference counts. The issue arises in the 'get_function_0()' function, which retrieves a PCI device but fails to release the reference correctly, leading to a memory leak. This vulnerability affects several versions of the Linux kernel.
The vulnerability can cause a reference count leak, potentially leading to memory management issues.
The leak occurs when 'get_function_0()' is called and the PCI device reference count is not managed properly: 'pci_get_domain_bus_and_slot()' increments the reference count, and the reference leaks if 'pci_dev_put()' is not called afterwards. The same leak occurs when the error path of the function does not handle the reference count correctly.
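The get/put imbalance described above, as an added userspace C model (not the kernel's code and not the upstream patch). The `model_*` helpers and the `read_leaky`/`read_fixed` callers are hypothetical stand-ins that only count references the way 'pci_get_domain_bus_and_slot()' and 'pci_dev_put()' do.

```c
/* Userspace model of the refcount pattern; every name here is a stand-in (assumption). */
#include <stdio.h>

struct pci_dev { int refcount; int devfn; };
static struct pci_dev fn0 = { 1, 0 };   /* constructed "function 0" device */

/* Models pci_get_domain_bus_and_slot(): a successful lookup takes one reference. */
static struct pci_dev *model_pci_get(int devfn)
{
    if (devfn != fn0.devfn)
        return NULL;
    fn0.refcount++;
    return &fn0;
}

/* Models pci_dev_put(): drops one reference, tolerates NULL. */
static void model_pci_dev_put(struct pci_dev *dev)
{
    if (dev)
        dev->refcount--;
}

/* Leaky caller: never puts the reference, on success or on the error path. */
static int read_leaky(int fail)
{
    struct pci_dev *dev = model_pci_get(0);
    if (!dev)
        return -1;
    return fail ? -2 : 0;
}

/* Balanced caller: one exit that drops the reference on every path. */
static int read_fixed(int fail)
{
    struct pci_dev *dev = model_pci_get(0);
    int rc = dev ? (fail ? -2 : 0) : -1;
    model_pci_dev_put(dev);
    return rc;
}

/* Net references left behind after n calls, alternating success and error paths. */
static int leaked_refs(int (*fn)(int), int n)
{
    int before = fn0.refcount;
    for (int i = 0; i < n; i++)
        fn(i & 1);
    return fn0.refcount - before;
}
```

Calling `leaked_refs(read_leaky, n)` grows with `n`, while `leaked_refs(read_fixed, n)` stays at zero; the same before/after comparison of a reference counter is a quick review check for any caller that takes a device reference.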
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.