Linux Kernel Arizona MFD Driver Reference Count Leak Vulnerability

Vulnerability

A reference count leak in the Linux kernel's Arizona MFD driver has been fixed. The leak was in the function 'arizona_clk32k_enable()', which called 'pm_runtime_get_sync()'; that call increases the reference count even when it returns an error. This leak could lead to resource management issues.

Impact

The vulnerability could cause a reference count leak, leading to improper resource management.

Reproduction

The vulnerability can be reproduced by calling the 'arizona_clk32k_enable()' function in the Arizona MFD driver. The function uses 'pm_runtime_get_sync()', which increases the reference count even when it returns an error. This behavior creates a reference count leak that can be exploited.

Remediation

The vulnerability has been fixed by changing the function to use 'pm_runtime_resume_and_get()', which correctly manages the reference count. Users should update to the latest version of the Linux kernel where this fix has been applied.
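
The counter behaviour described above, as an added userspace model in C (not the kernel's or the driver's code). 'model_get_sync()' and 'model_resume_and_get()' are hypothetical stand-ins that mimic only the usage-counter semantics of the two kernel helpers, and 'enable_leaky()' / 'enable_fixed()' are simplified callers, not the real 'arizona_clk32k_enable()'.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed userspace model of a device's runtime-PM state. */
struct model_dev {
    int usage_count;   /* stands in for the runtime-PM usage counter */
    int resume_fails;  /* nonzero: the simulated resume returns -EIO */
};

/* Models pm_runtime_get_sync(): the counter is bumped first and stays bumped on error. */
static int model_get_sync(struct model_dev *d)
{
    d->usage_count++;
    return d->resume_fails ? -EIO : 0;
}

/* Models pm_runtime_resume_and_get(): on failure the reference is dropped again. */
static int model_resume_and_get(struct model_dev *d)
{
    int ret = model_get_sync(d);
    if (ret < 0)
        d->usage_count--;   /* the role pm_runtime_put_noidle() plays */
    return ret;
}

/* Pre-fix caller pattern: the error is returned, the counter is not rebalanced. */
static int enable_leaky(struct model_dev *d) { return model_get_sync(d); }

/* Post-fix caller pattern: the helper balances the counter on failure. */
static int enable_fixed(struct model_dev *d) { return model_resume_and_get(d); }

/* Call `enable` n times on a fresh device; return the usage count left behind. */
static int count_after(int (*enable)(struct model_dev *), int fails, int n)
{
    struct model_dev d = { 0, fails };
    for (int i = 0; i < n; i++)
        (void)enable(&d);
    return d.usage_count;
}

int main(void)
{
    printf("5 failed enables -> leaky: %d, fixed: %d\n",
           count_after(enable_leaky, 1, 5), count_after(enable_fixed, 1, 5));
    return 0;
}
```

Each failed call through the leaky pattern leaves one reference behind, while a successful call through either pattern holds exactly one reference, which the caller is expected to release later.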

Added: Sep 18, 2025, 4:41 PM
Updated: Sep 18, 2025, 4:41 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.