Primary

Context

Linux Kernel Memory Leak Vulnerability in PHY LED Trigger Code

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's PHY LED trigger code, leading to an out-of-memory condition. This issue arises from improper use of the devm API, causing the registration and unregistration functions to be called multiple times for the same PHY device without freeing the allocated memory. The memory leak goes undetected by kmemleak, as the devm API internally manages the allocated pointer.

Impact

The vulnerability causes a memory leak that can lead to an out-of-memory condition, potentially causing a denial-of-service situation by exhausting system resources.

Remediation

The vulnerability has been addressed by replacing devm_kzalloc and devm_kcalloc with standard kzalloc and kcalloc functions, and adding the corresponding kfree calls in the unregistration process.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Memory Leak Vulnerability in PHY LED Trigger Code

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating