Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Cassini Driver Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Cassini network driver. The issue arises in the error handling path of the 'cas_init_one()' function, where memory allocated by 'vmalloc()' is not properly freed if an error occurs during initialization. This oversight can lead to resource leaks, as the allocated memory remains unreturned. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the Cassini network driver and inducing an error during the initialization process. This can be done by simulating a failure in the 'cas_saturn_firmware_init()' function, which allocates memory that is not freed in the event of an error.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to apply the fix.

Added: Sep 18, 2025, 4:52 PM
Updated: Sep 18, 2025, 4:52 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
5.7
remediation
7.7
relevance
0.5
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.