In the Linux kernel’s rtw88 Wi‑Fi driver, a memory allocation performed in rtw_register_hw() was not released when the driver encountered an error. The allocation used a manual kmemdup that required explicit free; the error path omitted this cleanup, creating a memory leak. The fix replaces the allocation with a device‑managed devm_kmemdup, which automatically frees the memory when the driver unloads or on error. This weakness matches CWE‑368 and can cause kernel memory exhaustion over time, potentially leading to a panic or forced reboot. The flaw does not enable arbitrary code execution or data disclosure.

The vulnerability affects all Linux kernel versions that ship the rtw88 driver without the commit that changes rtw_set_supported_band() to use devm_kmemdup. This assessment is inferred from the commit references, as specific affected versions are not listed in the CVE data. The rtw89 driver contains a similar issue, so kernels with that module without the commit are also affected. Distribution‑specific kernel packages should verify whether the change is already present before deciding on remediation. The known CNA vendors list includes Linux: Linux, confirming the entire kernel is impacted.

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, indicating no known public exploitation. However, the memory leak can be exercised by any process that is able to trigger an error condition in the driver – for example, by loading, unloading, or reinitializing the Wi‑Fi module. Based on the description, it is inferred that the attack requires local access to the system, at most requiring elevated privilege to load the driver. Repeated exploitation can eventually exhaust kernel memory, causing a denial of service. Because no arbitrary code execution is possible, the risk is limited to local privilege or root, but the potential outage can be severe.