Linux Kernel USB Gadget LPC32XX UDC Debugfs Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's USB gadget driver for the LPC32XX microcontroller. The issue arises when the function 'debugfs_lookup()' is called: its result must be released with 'dput()', otherwise memory leaks over time. The vulnerability is present in the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, which can accumulate over time and potentially cause performance degradation or exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by using the USB gadget driver for the LPC32XX microcontroller in a Linux environment. When the driver is loaded, 'debugfs_lookup()' is called and its result is never released with 'dput()'. The resulting memory leak persists as long as the driver is active.
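The reference-count contract described above, as an added example that is not part of the original advisory and is not kernel code: a userspace C model in which 'model_lookup()' and 'model_dput()' are hypothetical stand-ins for 'debugfs_lookup()' and 'dput()'. The file name "udc", the one-slot directory and the create/remove cycle are assumptions made for illustration; the program counts entries left allocated with and without the release call.

```c
/* Userspace model of the reference-count contract; not kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct model_dentry { const char *name; int refcount; };
static struct model_dentry *dir_entry; /* one-slot stand-in for the debugfs directory */
static int live_dentries;              /* entries allocated and not yet freed */

/* Creating the file leaves one reference, owned by the directory. */
static void model_create(const char *name) {
    struct model_dentry *d = calloc(1, sizeof(*d));
    if (!d) abort();
    d->name = name; d->refcount = 1;
    dir_entry = d; live_dentries++;
}

/* Stand-in for debugfs_lookup(): a hit returns the entry with an extra reference. */
static struct model_dentry *model_lookup(const char *name) {
    if (!dir_entry || strcmp(dir_entry->name, name) != 0) return NULL;
    dir_entry->refcount++;
    return dir_entry;
}
/* Stand-in for dput(): drop one reference, free the entry on the last one. */
static void model_dput(struct model_dentry *d) {
    if (d && --d->refcount == 0) { free(d); live_dentries--; }
}
/* Removing the file drops only the directory's own reference. */
static void model_remove(void) {
    struct model_dentry *d = dir_entry;
    dir_entry = NULL;
    model_dput(d);
}

/* Run `cycles` create/lookup/remove rounds; return the entries left allocated. */
static int leaked_after(int cycles, int call_dput) {
    int before = live_dentries;
    for (int i = 0; i < cycles; i++) {
        model_create("udc");                 /* constructed file name */
        struct model_dentry *d = model_lookup("udc");
        if (call_dput) model_dput(d);        /* the release the advisory says is required */
        model_remove();
    }
    return live_dentries - before;
}

int main(void) {
    printf("no dput: %d leaked, with dput: %d leaked\n", leaked_after(1000, 0), leaked_after(1000, 1));
    return 0;
}
```

Each round without the release leaves one entry allocated after the file is removed, which is how the leak accumulates.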

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest stable version to apply the fix.

Added: Sep 18, 2025, 2:23 PM
Updated: Sep 18, 2025, 2:23 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.