A memory leak exists in the Linux kernel’s ti_fpc202 driver when the probe function fails to properly release device node references. The upstream fix replaces manual reference handling with for_each_child_of_node_scoped(), automatically freeing references when the loop scope ends. If the flaw remains active, repeated invocation of the probe routine could gradually consume kernel memory and potentially destabilize or crash the kernel. The vulnerability does not provide a direct code‑execution pathway; it simply undermines kernel stability.

All Linux kernel builds that include the ti_fpc202 driver and predate the commit that introduced automatic reference release are affected. This includes every distribution that ships a kernel without the patch. The vendor is the Linux kernel community, and the mitigation is delivered through the normal upstream release process.

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a very low but non‑zero likelihood of exploitation. Exploitation requires the attacker to trigger the probe routine, usually by local privilege or kernel execution. The likely attack vector is a locally privileged user or an application that can cause the driver’s probe function to execute repeatedly. If the leak is exercised, kernel memory exhaustion could lead to crashes or a denial‑of‑service scenario. This vulnerability is not listed in CISA’s KEV catalog and no public exploits are known.