Linux Kernel Runtime Power Management Reference Leak Vulnerability in I2C XIIC Driver

Vulnerability

A vulnerability exists in the Linux kernel's I2C XIIC driver, specifically in the 'xiic_xfer()' function, which improperly manages runtime power management (PM) references. When the function is called, it acquires a PM reference, which should be released upon exit. However, there is an error path that bypasses the release, causing a PM reference leak. This issue has been addressed by ensuring that the reference is properly released, even when the function exits due to an error.
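The leak pattern described above, as an added example that is not the driver's code or the upstream patch: a user-space model in which mock_dev, mock_pm_get(), mock_pm_put(), mock_start_xfer() and the bus-busy failure are all hypothetical stand-ins. It shows the leaky early return beside a form where every exit after a successful get passes through the put.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-in for a device's runtime PM usage counter. */
struct mock_dev { int usage_count; };

static int mock_pm_get(struct mock_dev *d) { d->usage_count++; return 0; }
static void mock_pm_put(struct mock_dev *d) { d->usage_count--; }

/* Constructed failure condition (assumption): the bus reports busy. */
static int mock_start_xfer(int bus_busy) { return bus_busy ? -EBUSY : 0; }

/* Leaky shape: the error path returns without dropping the reference. */
static int xfer_leaky(struct mock_dev *d, int bus_busy)
{
    int err = mock_pm_get(d);
    if (err)
        return err;
    err = mock_start_xfer(bus_busy);
    if (err)
        return err;              /* BUG: reference is still held */
    mock_pm_put(d);
    return 0;
}

/* Fixed shape: success and failure share a single release. */
static int xfer_fixed(struct mock_dev *d, int bus_busy)
{
    int err = mock_pm_get(d);
    if (err)
        return err;
    err = mock_start_xfer(bus_busy);
    mock_pm_put(d);              /* runs on every exit after a successful get */
    return err;
}

/* Run n transfers and return the usage count left behind afterwards. */
static int leaked_after(int (*xfer)(struct mock_dev *, int), int n, int bus_busy)
{
    struct mock_dev d = { 0 };
    for (int i = 0; i < n; i++)
        xfer(&d, bus_busy);
    return d.usage_count;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n",
           leaked_after(xfer_leaky, 3, 1), leaked_after(xfer_fixed, 3, 1));
    return 0;
}
```

A usage count that never returns to zero keeps the device from runtime-suspending, which is the power-consumption effect the Impact section describes.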

Impact

The vulnerability could lead to a runtime power management reference leak, causing improper power management and potentially leading to increased power consumption or other related issues.

Reproduction

The vulnerability can be reproduced by invoking the 'xiic_xfer()' function in the I2C XIIC driver under conditions that trigger the error path, causing the function to exit prematurely without releasing the acquired runtime power management reference.

Remediation

Users can apply the available patch in the Linux kernel stable tree to address this vulnerability.

Added: Dec 30, 2025, 4:22 PM
Updated: Dec 30, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.