Impact
The vulnerability resides in the Linux kernel’s Tegra SPI driver, specifically in the tegra_slink_probe function. When the call to platform_get_irq fails, the function returns immediately, bypassing cleanup and leaving the resources it has already allocated unreleased. Although this flaw cannot be directly leveraged for code execution or privilege escalation, repeated failures can deplete kernel memory over time, potentially degrading system performance, triggering out‑of‑memory conditions, or causing system instability. The weakness is a classic example of a memory leak, which can be especially problematic on embedded Tegra platforms with limited memory budgets.
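The error-path pattern described above, shown next to its corrected shape, as an added example that is not the driver's code or the upstream patch. It is a user-space model: every `model_*` name, the allocation counter, and the always-failing IRQ lookup are hypothetical stand-ins constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name is a hypothetical stand-in, not kernel code. */
static int live_allocs;   /* probe-time allocations not yet released */
static void *model_alloc_ctlr(void)
{
    void *c = calloc(1, 64);
    live_allocs += (c != NULL);
    return c;
}
static void model_put_ctlr(void *c) { free(c); live_allocs--; }
/* Stand-in for platform_get_irq(); constructed fault: it always fails. */
static int model_get_irq(void) { return -ENXIO; }

/* The pattern the advisory describes: the early return skips cleanup. */
static int probe_leaky(void)
{
    void *c = model_alloc_ctlr();
    int irq = c ? model_get_irq() : -ENOMEM;
    if (irq < 0)
        return irq;             /* c, if allocated, is never released */
    return 0;                   /* success: the bound device keeps c */
}

/* Corrected shape: a failure after the allocation releases it first. */
static int probe_fixed(void)
{
    void *c = model_alloc_ctlr();
    int irq = c ? model_get_irq() : -ENOMEM;
    if (irq < 0 && c)
        model_put_ctlr(c);      /* unwind before reporting the error */
    return irq < 0 ? irq : 0;
}

/* Run `attempts` failing probes; return the allocations left behind. */
static int leaks(int (*probe)(void), int attempts)
{
    live_allocs = 0;
    while (attempts-- > 0)
        probe();
    return live_allocs;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaks(probe_leaky, 100), leaks(probe_fixed, 100));
    return 0;
}
```

Each failed probe in the leaky variant strands one allocation, which is why the impact scales with how often the failure can be repeated.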
Affected Systems
The flaw affects Linux kernels that include the tegra_slink probe, typically found in NVIDIA Tegra-based devices and distributions that ship a Tegra‑capable kernel. Specific versions are not enumerated in the report, but any kernel build that contains the tegra_slink driver prior to the patch commit will be susceptible. Users should consult their distribution’s kernel changelog or the referenced commit URLs to confirm whether the local kernel includes the fix.
Risk and Exploitability
The CVE carries a very low exploitation probability, as evidenced by an EPSS score of less than 1%, and it is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to trigger errors in the platform_get_irq path, which is generally limited to privileged system operations or manufacturing conditions. Because the issue is a resource exhaustion flaw rather than an immediate security breach, the overall threat remains low to moderate but warrants remediation to preserve system reliability.