Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Name Leak Vulnerability in OCXL File Register AFU Function

Vulnerability

A name leak vulnerability has been identified in the Linux kernel's OCXL file registration process for Accelerator Function Units (AFUs). This issue arises when the 'device_register()' function returns an error, as the name set by 'dev_set_name()' is not properly freed. The vulnerability exists in the 'ocxl_file_register_afu()' function within the OCXL driver. The problem can be exploited by causing 'device_register()' to fail, leading to a memory leak of the allocated name.

Impact

The vulnerability can lead to a memory leak, where allocated names are not properly freed, potentially causing resource exhaustion over time.

Reproduction

To reproduce this vulnerability, register an AFU using the 'ocxl_file_register_afu()' function and simulate an error response from the 'device_register()' function. This will cause the allocated name to leak, as it will not be freed properly, creating a name leak issue.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Dec 9, 2025, 5:00 PM
Updated: Dec 9, 2025, 5:00 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
1.3
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.