A flaw in the Linux kernel’s vc4 DRM driver causes a memory leak when the hang‑state capturing function returns early without freeing a previously allocated kernel block. The cumulative effect of repeated leaks can exhaust kernel memory, potentially rendering the system unresponsive or crashing the kernel. This vulnerability does not allow direct code execution, but it enables a local entity to degrade or deny service by repeatedly triggering the leak path.

Any Linux system that includes the vc4 DRM driver is affected. The known affected products are the Linux kernel itself, with a range of versions up to at least 7.0‑rc7 and any earlier kernels containing the unpatched code before the referenced commit adds the missing kfree() calls. Since no specific version range is supplied, all kernels that ship the vulnerable vc4 code prior to the fix should be considered at risk.

The EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of widespread exploitation to date. The likely attack vector is a local user or process that can interact with the Vulkan or DRM subsystem to trigger the leaked path, as inferred from the description. The CVSS score of 5.5 reflects moderate severity; the main risk is resource exhaustion leading to potential denial of service if the leak is repeatedly triggered by an attacker.