Linux Kernel USB DWC3 Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's USB DWC3 driver. When the function 'debugfs_lookup()' is called, the returned result must be released with 'dput()' to prevent a memory leak. The vulnerability arises because this requirement was not met, leading to a gradual accumulation of unreleased memory. The issue has been addressed by modifying the code to use 'debugfs_lookup_and_remove()', which automatically handles the necessary memory management. Additionally, the root directory entry for the debugfs directory of the device must be stored to avoid repeated lookups, necessitating some code refactoring.
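The reference-count behaviour described above, as an added userspace model in C (not the kernel's or the DWC3 driver's code). The `model_*` functions and the reduced `struct dentry` are simplified stand-ins assumed for illustration, and each loop iteration stands for one create/remove of the device's debugfs directory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: a dentry reduced to a reference count. */
struct dentry { int refs; };
static int live_dentries;   /* allocated and not yet freed */

/* Creating the directory leaves one reference owned by the filesystem tree. */
static struct dentry *model_create_dir(void) {
    struct dentry *d = malloc(sizeof(*d));
    if (!d) abort();
    d->refs = 1;
    live_dentries++;
    return d;
}

/* Like debugfs_lookup(): returns the entry with an extra reference the caller owns. */
static struct dentry *model_lookup(struct dentry *d) { d->refs++; return d; }

/* Like dput(): drops one reference and frees the entry on the last one. */
static void model_dput(struct dentry *d) {
    if (--d->refs == 0) { free(d); live_dentries--; }
}

/* Like debugfs_remove(): unlinks the entry, dropping only the tree's reference. */
static void model_remove(struct dentry *d) { model_dput(d); }

/* Like debugfs_lookup_and_remove(): lookup, remove, then dput the lookup reference. */
static void model_lookup_and_remove(struct dentry *d) {
    struct dentry *found = model_lookup(d);
    model_remove(found);
    model_dput(found);
}

/* Run create/remove cycles; return how many dentries are still allocated. */
int leaked_after(int cycles, int fixed) {
    live_dentries = 0;
    for (int i = 0; i < cycles; i++) {
        struct dentry *dir = model_create_dir();
        if (fixed)
            model_lookup_and_remove(dir);
        else
            model_remove(model_lookup(dir)); /* lookup reference is never dropped */
    }
    return live_dentries;
}

int main(void) {
    printf("unfixed: %d leaked, fixed: %d leaked\n", leaked_after(1000, 0), leaked_after(1000, 1));
    return 0;
}
```

The unfixed branch deliberately leaks one allocation per cycle, which is the accumulation the advisory describes.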

Impact

The vulnerability could lead to a memory leak, where memory is not properly released, potentially causing increased memory usage over time.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Sep 18, 2025, 2:26 PM
Updated: Sep 18, 2025, 2:26 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.