Linux Kernel CMDQ Memory Leak Vulnerability in hinic Driver

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's hinic network driver. When the function hinic_set_cmdq_depth() fails during the initialization of command queues, the allocated CMDQ memory is not properly released. This issue affects the stable versions of the Linux kernel.

Impact

The vulnerability leads to memory leaks, which can cause increased memory usage and potentially degrade system performance over time.

Reproduction

The vulnerability can be reproduced by invoking hinic_init_cmdqs() under conditions that cause hinic_set_cmdq_depth() to fail. The CMDQ memory is then not freed, creating a memory leak.
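
The error path described above, as a simplified user-space C model added here (it is not the hinic driver's code and not the upstream patch). model_cmdqs, model_alloc, model_free, model_set_depth and the init_cmdqs_* functions are hypothetical stand-ins, and the corrected variant shows one conventional way to release the allocation when the later step fails.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model; all names here are hypothetical. */
struct model_cmdqs { void *cmdq_mem; };
static int live_allocs;                 /* outstanding allocations */

static void *model_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}

static void model_free(void *p) { if (p) { free(p); live_allocs--; } }

/* Stand-in for the step that can fail (hinic_set_cmdq_depth() on the page). */
static int model_set_depth(int fail) { return fail ? -1 : 0; }

/* Leaky shape: the late failure returns without releasing cmdq_mem. */
static int init_cmdqs_leaky(struct model_cmdqs *c, int fail_depth)
{
    c->cmdq_mem = model_alloc(256);
    if (!c->cmdq_mem) return -1;
    return model_set_depth(fail_depth); /* on error, cmdq_mem stays allocated */
}

/* Corrected shape: a failure after the allocation frees it before returning. */
static int init_cmdqs_fixed(struct model_cmdqs *c, int fail_depth)
{
    int err;
    c->cmdq_mem = model_alloc(256);
    if (!c->cmdq_mem) return -1;
    err = model_set_depth(fail_depth);
    if (err) { model_free(c->cmdq_mem); c->cmdq_mem = NULL; }
    return err;
}

/* Allocations left behind by one init attempt whose depth step fails. */
static int leaked_after_failure(int (*init)(struct model_cmdqs *, int))
{
    struct model_cmdqs c = { NULL };
    int before = live_allocs;
    init(&c, 1);
    return live_allocs - before;
}

int main(void) {
    printf("leaky=%d\n", leaked_after_failure(init_cmdqs_leaky));
    printf("fixed=%d\n", leaked_after_failure(init_cmdqs_fixed));
    return 0; }
```

Counting outstanding allocations around a forced failure, as leaked_after_failure() does, is the same check a fault-injection test would apply to confirm the fix.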

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Sep 18, 2025, 3:50 PM
Updated: Sep 18, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.