Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Workqueue Release Vulnerability in DSA/IAA Devices

Vulnerability

A vulnerability exists in the Linux kernel's handling of workqueues for DSA/IAA devices. When an object is freed, the associated workqueue is not properly released, potentially leading to resource management issues. This vulnerability has been addressed in the Linux kernel stable tree.

Impact

The vulnerability could result in a workqueue not being released when an associated object is freed, which may cause resource leaks or other unintended behavior in the system.

Reproduction

The vulnerability can be reproduced by creating a DSA/IAA device and then freeing the associated object without releasing the workqueue. This can be done by modifying the device's release function to omit the workqueue cleanup, which is the behavior that the patch addresses.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: May 5, 2026, 4:53 PM
Updated: May 5, 2026, 4:53 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
3.9
remediation
7.7
relevance
7.5
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.