Linux Kernel RapidIO Name Leak Vulnerability in Device Management

Vulnerability

A memory management vulnerability has been identified in the RapidIO device handling of the Linux kernel. This issue arises when the function 'rio_add_device()' fails, leading to a name leak where the device name is not properly freed. The vulnerability is present in the RapidIO management port character device driver.

Impact

When such an error occurs the device name is not released, so memory is leaked, potentially causing increased memory usage or exhaustion.

Reproduction

The vulnerability can be reproduced by adding a RapidIO device through the management port character device driver. If the 'rio_add_device()' function fails, the allocated device name is not freed, creating a name leak. This failure can be simulated by introducing conditions that cause 'rio_add_device()' to return an error, such as adding a device that already exists or is invalid.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.
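
The bug class described above, as an added user-space model (not code from the kernel or from this advisory): a name allocated before a failing add step is orphaned unless the error path releases it. All names are hypothetical, and it is an assumption of the model that the buggy path frees the structure but not its name.

```c
#include <stdlib.h>
#include <string.h>

/* User-space model only: every name here is hypothetical, not kernel code. */
static int live_allocs;                 /* outstanding allocations (leak meter) */
static void *t_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void t_free(void *p) { if (p) { live_allocs--; free(p); } }

struct model_dev {
    char *name;                         /* allocated separately from the struct */
    int destid;
};

/* Stand-in for the add step: fails when the id is already registered. */
static int model_add_device(const struct model_dev *d, int registered_id)
{
    return d->destid == registered_id ? -1 : 0;
}

/* Full teardown: the name first, then the structure that points to it. */
static void model_release(struct model_dev *d)
{
    t_free(d->name);
    t_free(d);
}

/* Attempts one add; returns how many allocations the attempt left behind. */
static int add_once(int destid, int registered_id, int fixed)
{
    int before = live_allocs;
    struct model_dev *d = t_alloc(sizeof(*d));
    if (!d) return 0;
    d->destid = destid;
    d->name = t_alloc(16);
    if (d->name) strcpy(d->name, "model-dev");
    if (model_add_device(d, registered_id) != 0 && !fixed)
        t_free(d);                      /* assumed buggy path: name orphaned */
    else
        model_release(d);               /* fixed error path, or normal teardown */
    return live_allocs - before;
}

/* Leak growth over n failed adds, mirroring the impact described above. */
static int leaked_after(int n, int fixed)
{
    int total = 0;
    for (int i = 0; i < n; i++) total += add_once(7, 7, fixed);
    return total;
}

int main(void) { return leaked_after(100, 1); }   /* exits 0: fixed path leaks nothing */
```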

Added: Sep 16, 2025, 6:28 PM
Updated: Sep 16, 2025, 6:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.