Linux Kernel Clock Management Memory Leak Vulnerability in Mediatek Drivers

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Mediatek clock management driver. In the 'mtk_clk_simple_probe()' function, the 'base' variable obtained from 'of_iomap()' is not released under certain error conditions, so it leaks whenever one of those error paths is taken. The vulnerability affects the Linux kernel stable tree and has been addressed in a recent commit.

Impact

The vulnerability can cause a memory leak, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading a Mediatek clock provider that does not have associated clock data. The 'mtk_clk_simple_probe()' function is called, and if it encounters an error while processing, the 'base' variable is not released, causing a memory leak.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.
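
The leak pattern described above and its usual fix, as an added userspace model that is not the kernel's code or the actual patch. The model_* helpers, the counter and the simulated "no clock data" failure are assumptions standing in for 'of_iomap()', 'iounmap()' and the driver's later probe steps.

```c
/* Userspace model, not kernel code. model_* are hypothetical stand-ins
 * for of_iomap()/iounmap(); they only count outstanding mappings. */
#include <errno.h>
#include <stdio.h>

static int live_mappings;           /* mappings currently held */
static char fake_regs[4];           /* constructed "register window" */
static void *model_iomap(void) { live_mappings++; return fake_regs; }
static void model_iounmap(void *p) { if (p) live_mappings--; }
/* Constructed failure: a provider without clock data cannot finish setup. */
static int model_setup(int have_clk_data) { return have_clk_data ? 0 : -ENOMEM; }

/* Leaky shape: the error return skips the unmap. */
static int probe_leaky(void **out, int have_clk_data)
{
    void *base = model_iomap();
    int r = base ? model_setup(have_clk_data) : -ENOMEM;
    if (r)
        return r;               /* 'base' stays mapped: the leak */
    *out = base;
    return 0;
}

/* Hardened shape: failures after the mapping unwind through one label. */
static int probe_fixed(void **out, int have_clk_data)
{
    void *base = model_iomap();
    int r = base ? model_setup(have_clk_data) : -ENOMEM;
    if (r)
        goto free_base;
    *out = base;                /* success: the device keeps the mapping */
    return 0;
free_base:
    model_iounmap(base);        /* NULL-safe in this model */
    return r;
}

/* Mappings still held after one failed probe: 1 = leaked, 0 = clean. */
static int held_after_fail(int (*probe)(void **, int))
{
    void *base = NULL;
    live_mappings = 0;
    probe(&base, 0);
    return live_mappings;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", held_after_fail(probe_leaky), held_after_fail(probe_fixed));
    return 0;
}
```

Each failed probe of the leaky shape leaves one more mapping held, which is why repeated probe failures accumulate over time.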

Added: Sep 18, 2025, 5:12 PM
Updated: Sep 18, 2025, 5:12 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.