Linux Kernel Chameleon Bus Error Handling Vulnerability in MCB Device Registration

Vulnerability

A vulnerability in the Linux kernel's handling of the MEN Chameleon Bus (MCB) has been addressed. The issue was in the 'chameleon_parse_gdd()' function: when 'mcb_device_register()' returned an error, the reference counts of the bus and the device name were leaked. The fix calls 'put_device()' to give up the reference, so that both are released through the normal cleanup in 'mcb_release_dev()' and 'kobject_cleanup()'.
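The error-path pattern described above, as a user-space C model added here for illustration (not the kernel's code or the upstream patch). All names (model_bus, model_dev, model_register, parse_leaky, parse_fixed) are hypothetical, and the "before" path that frees only the struct is an assumed shape of the bug.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* User-space model with hypothetical names; this is not kernel code. */
struct model_bus { int refs; };
struct model_dev { int refs; char *name; struct model_bus *bus; };
static int live_names;                 /* outstanding name allocations */

/* Drops one reference; the last drop runs the release-style cleanup. */
static void model_put_device(struct model_dev *d)
{
    if (--d->refs > 0) return;
    if (d->name) { free(d->name); live_names--; }
    if (d->bus) d->bus->refs--;        /* give back the bus reference */
    free(d);
}

/* Simulated registration: pins the bus, sets a name, then fails. */
static int model_register(struct model_bus *bus, struct model_dev *d)
{
    static const char name[] = "model-dev-0";   /* constructed value */
    d->refs = 1;                       /* initial reference, held by the caller */
    d->bus = bus; bus->refs++;
    d->name = malloc(sizeof(name));
    if (d->name) { memcpy(d->name, name, sizeof(name)); live_names++; }
    return -1;
}

/* Assumed "before" shape: frees only the struct; name and bus ref leak. */
static void parse_leaky(struct model_bus *bus)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (d && model_register(bus, d) < 0) free(d);
}

/* "After" shape: drop the reference so the cleanup above runs. */
static void parse_fixed(struct model_bus *bus)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (d && model_register(bus, d) < 0) model_put_device(d);
}

int main(void)
{
    struct model_bus bus = { 1 };
    parse_leaky(&bus);
    parse_fixed(&bus);
    printf("bus refs=%d, leaked names=%d\n", bus.refs, live_names);
    return 0;
}
```

Each failed registration on the leaky path leaves one name allocation and one bus reference behind, while the fixed path returns both counters to their prior values.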

Impact

Because the references are not released on the error path, the vulnerability could lead to a memory leak, potentially causing increased memory usage or exhaustion.

Reproduction

The vulnerability can be reproduced by registering a device on the MEN Chameleon Bus and simulating an error return from the 'mcb_device_register()' function. The failed registration triggers the reference count leak, because the bus and device name references are never released.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Oct 7, 2025, 6:37 PM
Updated: Oct 7, 2025, 6:37 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.