Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Memory Leak Vulnerability in Xen Spinlock Initialization

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of Xen-specific spinlocks. The issue arises in the 'xen_init_lock_cpu()' function, where a string is allocated using 'kasprintf()' but not properly freed if 'bind_ipi_to_irqhandler()' fails. This oversight can lead to a memory leak. The vulnerability affects the Linux kernel stable tree, specifically in the x86 architecture with Xen virtualization.

Impact

The vulnerability can cause a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by initializing a Xen spinlock on a CPU where the 'bind_ipi_to_irqhandler()' function fails. This will result in the allocated string not being freed, causing a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.

Added: Dec 24, 2025, 5:00 PM
Updated: Dec 24, 2025, 5:00 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
1.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.