Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Cpufreq Qcom Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's cpufreq component for Qualcomm processors. This issue arises when the speedbin length is incorrect, leading to a memory leak in the error handling process, as the speedbin buffer is not properly freed. The vulnerability is present in versions of the Linux kernel through 5.7.

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage that is not released, which could potentially be exploited to cause a denial of service.

Reproduction

The vulnerability can be reproduced by using the cpufreq driver for Qualcomm Krait-based SoCs. If the speedbin length is set incorrectly, the driver will leak memory by failing to free the speedbin buffer in the error handling path.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 9, 2025, 5:14 PM
Updated: Dec 9, 2025, 5:14 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
1.3
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.