Volerion logoVolerion
Volerion logoVolerion

Linux Kernel RDMA/hns Reference Count Leak Vulnerability

Vulnerability

A reference count leak vulnerability has been identified in the Linux kernel's RDMA/hns component. This issue arises in the 'hns_roce_mmap' function, where the 'rdma_user_mmap_entry_get_pgoff' function acquires a reference that is not properly released. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a reference count leak, which may cause memory management issues such as use-after-free vulnerabilities or memory leaks.

Reproduction

The vulnerability can be reproduced by invoking the 'hns_roce_mmap' function within the RDMA/hns component of the Linux kernel. The 'rdma_user_mmap_entry_get_pgoff' function will be called, creating a reference that is not released, causing a reference count leak.

Remediation

Users can apply the patch available in the Linux kernel stable tree to address this vulnerability. The patch is included in the commit '8abd2ff2256a2a99c11c7ecdcb5512429933620f', which is part of the Linux kernel stable release.

Added: Dec 24, 2025, 4:46 PM
Updated: Dec 24, 2025, 4:46 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
1.6
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.