Linux Kernel PCI Power Control Double Cleanup Vulnerability

Vulnerability

A vulnerability in the Linux kernel's PCI power control driver can lead to improper resource management. When the function 'devm_add_action_or_reset()' fails, it already triggers the cleanup process itself. The affected implementation nevertheless reused a label meant for error handling on that failure path, so the cleanup ran a second time. This issue has been addressed by modifying the error handling to prevent redundant cleanup actions.
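
The double-cleanup pattern described above, reduced to a userspace C model. This is an added example, not the kernel driver's code or its patch. The names `slot_ctx`, `slot_release`, `model_add_action_or_reset`, `probe_buggy` and `probe_fixed` are hypothetical, and the stub only models the behaviour that devm_add_action_or_reset() runs the action itself when it fails.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed userspace model; all names are hypothetical, not the driver's. */
struct slot_ctx {
    int cleanup_calls; /* times the release action ran */
};

static void slot_release(void *data)
{
    struct slot_ctx *ctx = data;
    ctx->cleanup_calls++;
}

/* Models devm_add_action_or_reset(): on failure it runs the action itself. */
static int model_add_action_or_reset(int fail, void (*action)(void *), void *data)
{
    if (!fail)
        return 0;      /* registered; would run later at device teardown */
    action(data);      /* the "or_reset" part: cleanup already done here */
    return -ENOMEM;
}

/* Buggy shape: the failure path reuses an error label that releases again. */
static int probe_buggy(struct slot_ctx *ctx, int fail)
{
    int ret = model_add_action_or_reset(fail, slot_release, ctx);
    if (ret)
        goto err_release;
    return 0;
err_release:
    slot_release(ctx); /* second cleanup of the same resource */
    return ret;
}

/* Fixed shape: the helper already cleaned up, so only propagate the error. */
static int probe_fixed(struct slot_ctx *ctx, int fail)
{
    return model_add_action_or_reset(fail, slot_release, ctx);
}

int main(void)
{
    struct slot_ctx a = {0}, b = {0};
    probe_buggy(&a, 1);
    probe_fixed(&b, 1);
    printf("buggy: %d cleanups, fixed: %d\n", a.cleanup_calls, b.cleanup_calls);
    return 0;
}
```

When reviewing driver code, any `goto` to a release label directly after a failed devm_add_action_or_reset() call for that same release action is worth a second look.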

Impact

The vulnerability could cause resource leaks or undefined behavior due to improper cleanup management, potentially leading to system instability.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.

Added: Nov 12, 2025, 11:47 AM
Updated: Nov 12, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.9
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.