Linux Kernel MXM WMI Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's MXM WMI driver. The driver does not free the ACPI buffer returned by wmi_evaluate_method() after calling it, so the buffer's memory is leaked. These unfreed buffers can accumulate, causing unnecessary memory consumption. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where unused ACPI buffer data is not properly released, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by calling the MXM WMI methods 'mxm_wmi_call_mxds' or 'mxm_wmi_call_mxmx' with an adapter parameter. These methods will trigger the memory leak by not freeing the ACPI buffer returned by 'wmi_evaluate_method()'.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
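
The ownership rule behind this leak, as an added example that is not the kernel driver's code: a userspace C model in which the callee allocates the result buffer and the caller must release it. The names model_buffer, model_evaluate_method, call_leaky, call_fixed and leaked_after are hypothetical stand-ins, and the 32-byte result size is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in (assumed) for the kernel's ACPI output buffer. */
struct model_buffer { void *pointer; };
static long live_buffers; /* result buffers allocated and not yet freed */

/* Stand-in for wmi_evaluate_method(): callee allocates, caller owns. */
static int model_evaluate_method(unsigned adapter, struct model_buffer *out)
{
    (void)adapter;
    out->pointer = calloc(1, 32); /* constructed result size */
    if (!out->pointer)
        return -1;
    live_buffers++;
    return 0;
}

/* Pattern described in the advisory: the result is never released. */
static int call_leaky(unsigned adapter)
{
    struct model_buffer out = { NULL };
    return model_evaluate_method(adapter, &out); /* out.pointer is lost */
}

/* Corrected pattern: free the result once the call has returned. */
static int call_fixed(unsigned adapter)
{
    struct model_buffer out = { NULL };
    int status = model_evaluate_method(adapter, &out);
    if (status == 0)
        live_buffers--;
    free(out.pointer); /* kernel code would kfree() it; free(NULL) is a no-op */
    return status;
}

static long leaked_after(int (*fn)(unsigned), int calls)
{
    long before = live_buffers;
    for (int i = 0; i < calls; i++)
        fn((unsigned)i);
    return live_buffers - before; /* buffers still allocated */
}

int main(void)
{
    printf("leaky: %ld outstanding\n", leaked_after(call_leaky, 1000));
    printf("fixed: %ld outstanding\n", leaked_after(call_fixed, 1000));
    return 0;
}
```

The leaky caller leaves one buffer outstanding per call, while the corrected caller leaves none.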

Added: Oct 7, 2025, 6:38 PM
Updated: Oct 7, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.