Linux Kernel Refcount Leak Vulnerability in LED Management

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's LED management system. The issue arises in the 'of_led_get()' function, which calls 'class_find_device_by_of_node()'. This call increases the reference count of the device, but the reference is not properly released when no longer needed. The vulnerability affects the stable versions of the Linux kernel.

Impact

Triggering this vulnerability leaks a device reference: the device's reference count is not properly managed, which can potentially cause memory management issues.
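The following is an added illustration, not code from the kernel or from this advisory: a userspace C model of a lookup that takes a reference, as the page says 'class_find_device_by_of_node()' does, with a leaky caller beside a balanced one. All struct and function names (model_dev, model_find, lookup_leaky, lookup_balanced, refs_after_teardown) and the sample node id are hypothetical.

```c
/* Userspace model of the leak pattern, not kernel code; all names are hypothetical. */
#include <stdio.h>

struct model_dev {
    int refcount;  /* stands in for the struct device reference count */
    int node_id;   /* stands in for the device-tree node being matched */
};

/* Drop one reference; at zero the kernel would run the release callback. */
static void model_put(struct model_dev *d) { d->refcount--; }

/* Like class_find_device_by_of_node(): a successful match takes a reference. */
static struct model_dev *model_find(struct model_dev *d, int node_id)
{
    if (d->node_id != node_id)
        return NULL;
    d->refcount++;
    return d;
}

/* Leaky caller: the reference taken by the lookup is never dropped. */
static int lookup_leaky(struct model_dev *d, int node_id)
{
    return model_find(d, node_id) ? 0 : -1;
}

/* Balanced caller: each successful lookup is paired with a put. */
static int lookup_balanced(struct model_dev *d, int node_id)
{
    struct model_dev *found = model_find(d, node_id);
    if (!found)
        return -1;
    model_put(found);
    return 0;
}

/* References still held after n lookups and the owner's final put (0 = freed). */
static int refs_after_teardown(int n, int leaky)
{
    struct model_dev d = { .refcount = 1, .node_id = 7 };  /* constructed sample */
    for (int i = 0; i < n; i++)
        (leaky ? lookup_leaky : lookup_balanced)(&d, 7);
    model_put(&d);
    return d.refcount;
}

int main(void)
{
    printf("leaky=%d balanced=%d\n", refs_after_teardown(3, 1), refs_after_teardown(3, 0));
    return 0;
}
```

In the model, each leaky lookup leaves one reference behind, so the count never reaches zero after the owner lets go and the device would never be freed.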

Reproduction

The vulnerability can be reproduced by calling the 'of_led_get()' function with a device node that is managed by the LED class. The function will increase the reference count of the device without properly releasing it, creating a refcount leak.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Dec 30, 2025, 4:05 PM
Updated: Dec 30, 2025, 4:05 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.