Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Hotplug Callback Leak Vulnerability in ARM DMC-620 PMU Driver

Vulnerability

A hotplug callback leak vulnerability has been identified in the Linux kernel's ARM DMC-620 performance monitoring unit (PMU) driver. The issue arises in the 'dmc620_pmu_init()' function, which fails to remove a callback added by 'cpuhp_setup_state_multi()' when 'platform_driver_register()' encounters an error. This oversight can lead to a callback leak, similar to a previously addressed issue in the ARM CCN driver. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a hotplug callback leak, where callbacks are not properly removed, potentially leading to undefined behavior or resource management issues.

Reproduction

The vulnerability can be reproduced by initializing the ARM DMC-620 PMU driver and simulating a failure in the 'platform_driver_register()' function. This will cause the 'dmc620_pmu_init()' function to exit without removing the hotplug callback, creating a leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 30, 2025, 5:53 PM
Updated: Dec 30, 2025, 5:53 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
1.8
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.