Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Missing Memory Deallocation Vulnerability in fbdev vt8500lcdfb

Vulnerability

A vulnerability exists in the Linux kernel's framebuffer device (fbdev) driver for the vt8500lcdfb. The issue arises because the framebuffer's screen buffer is allocated using dma_alloc_coherent() but is not properly deallocated if an error occurs during the initialization process. This oversight can lead to memory leaks.

Impact

The vulnerability can cause memory leaks by failing to free allocated resources, which may lead to increased memory usage and potential exhaustion of available memory.

Reproduction

The vulnerability can be reproduced by loading the vt8500lcdfb framebuffer driver on a device that uses this driver. During the initialization of the driver, if an error occurs after the screen buffer has been allocated but before it has been freed, the memory allocated for the screen buffer will not be released, leading to a memory leak.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: May 6, 2026, 2:34 PM
Updated: May 6, 2026, 2:34 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
7.6
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.