Impact
The kernel driver for Iris Gen1 devices fails to free internal buffers after the firmware issues a release response. Allocations that are no longer required therefore accumulate, especially when the device changes resolution and new buffers are allocated. Because the driver never releases those stale buffers, the memory leak grows until the session ends. The consequence is increased memory utilization and potential exhaustion of the system's memory pool. The flaw provides no direct privilege escalation, data disclosure, or denial of service; the impact is primarily an availability issue due to resource exhaustion.
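The leak pattern described above, as a simplified user-space model added here for illustration. It is not the Iris driver's code; the struct and function names and the 1 MiB buffer size are assumptions.

```c
/* Constructed model of the leak: names are hypothetical, not the driver's. */
#include <stdio.h>
#include <stdlib.h>

struct buf { struct buf *next; size_t size; };
struct session { struct buf *internal; size_t live_bytes; };

/* Resolution change: track a new internal buffer of the given size. */
static int alloc_internal(struct session *s, size_t size)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b)
        return -1;
    b->size = size;
    b->next = s->internal;
    s->internal = b;
    s->live_bytes += size;
    return 0;
}

/* Firmware release response covering every buffer the session holds.
 * free_on_release = 0 models the leak, 1 models the corrected handling. */
static void on_release_response(struct session *s, int free_on_release)
{
    struct buf **pp = &s->internal;
    while (*pp) {
        struct buf *b = *pp;
        if (!free_on_release) { pp = &b->next; continue; } /* stale entry stays */
        *pp = b->next;
        s->live_bytes -= b->size;
        free(b);
    }
}

/* Run n resolution changes; return bytes still held before session close. */
static size_t simulate(int n, int free_on_release)
{
    struct session s = { NULL, 0 };
    for (int i = 0; i < n; i++) {
        on_release_response(&s, free_on_release); /* firmware releases old set */
        if (alloc_internal(&s, 1u << 20))
            break;
    }
    size_t held = s.live_bytes;
    on_release_response(&s, 1); /* session end frees whatever is left */
    return held;
}

int main(void) { printf("leaky=%zu fixed=%zu\n", simulate(8, 0), simulate(8, 1)); return 0; }
```

In the leaky mode the held total grows by one buffer per resolution change and is only reclaimed at session end, which is why long-lived sessions on memory-constrained devices are the ones to watch.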
Affected Systems
Any Linux kernel running the Iris Gen1 media driver is affected. The exact kernel versions that contain the issue are not listed in the advisory; however, the bug resides in the Iris Gen1 driver implementation, which is a core component of the media subsystem. Systems that load the Iris Gen1 module for hardware acceleration or camera support are at risk. Updating to a kernel that includes the patch is the recommended fix. Until then, disabling or blacklisting the Iris Gen1 driver will prevent the stale buffer allocations.
Risk and Exploitability
The vulnerability is not listed in CISA's KEV catalog and no EPSS score is available, indicating low to medium exploitation probability. The flaw requires repeated interaction with the affected device by a local user; it does not provide remote code execution or privilege escalation. The primary risk is availability through gradual memory saturation, which can occur over prolonged use or in constrained environments. The risk remains modest if system memory is ample, but could become critical in servers or embedded devices where memory is limited.