Linux Kernel RapidIO Device Reference Count Leak Vulnerability

Vulnerability

A reference count leak vulnerability has been identified in the RapidIO mport character device driver of the Linux kernel. The issue arises when the function kfifo_alloc fails: the reference count of the associated device is left incremented. The vulnerability is present in the Linux kernel stable tree. The root cause is that the reference count is not decremented after this failure, which can lead to a memory management issue.

Impact

Exploitation of this vulnerability causes a reference count leak, which can lead to improper memory management and potential resource exhaustion.

Reproduction

The vulnerability can be reproduced by opening a RapidIO mport character device when the kfifo_alloc function fails to allocate the necessary resources. This failure leaves the reference count of the device incremented, creating a leak that is not properly managed.
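
The pattern described above, as an added example that is not the kernel driver's code: a user-space C model in which an open path takes a device reference and then fails in a stand-in for kfifo_alloc. All names (model_dev, model_open, refcount_after_opens and the rest) are hypothetical, and the balanced variant shows only the general shape of a corrected error path, not the actual kernel patch.

```c
#include <errno.h>
#include <stdlib.h>

/* User-space model, not kernel code; every name here is a hypothetical stand-in. */
struct model_dev { int refcount; };
struct model_priv { void *event_fifo; };

/* Stand-ins for a get/put pair such as the kernel's get_device()/put_device(). */
static void model_get(struct model_dev *d) { d->refcount++; }
static void model_put(struct model_dev *d) { d->refcount--; }

/* Stand-in for kfifo_alloc(): fails on demand so the error path can be exercised. */
static int model_fifo_alloc(struct model_priv *p, int fail)
{
    p->event_fifo = fail ? NULL : malloc(64);
    return p->event_fifo ? 0 : -ENOMEM;
}

/* Open path: balanced == 0 models the leak, balanced == 1 a corrected error path. */
static int model_open(struct model_dev *d, struct model_priv *priv,
                      int fifo_fails, int balanced)
{
    model_get(d);                 /* reference taken when the device is opened */
    if (model_fifo_alloc(priv, fifo_fails) < 0) {
        if (balanced)
            model_put(d);         /* drop the reference taken above */
        return -ENOMEM;           /* leaky variant returns with the count still raised */
    }
    return 0;
}

static void model_release(struct model_dev *d, struct model_priv *priv)
{
    free(priv->event_fifo);
    model_put(d);                 /* a normal close balances the open */
}

/* Refcount left on a device (initially 1) after n open attempts. */
int refcount_after_opens(int n, int fifo_fails, int balanced)
{
    struct model_dev d = { .refcount = 1 };
    struct model_priv p = { 0 };

    for (int i = 0; i < n; i++)
        if (model_open(&d, &p, fifo_fails, balanced) == 0)
            model_release(&d, &p);
    return d.refcount;
}
```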

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.

Added: Dec 30, 2025, 6:04 PM
Updated: Dec 30, 2025, 6:04 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.