Impact
The Linux kernel's hwmon driver for the nct7363 chipset contains a reference count leak in its device‑tree phandle parsing. A call to of_parse_phandle_with_args takes a reference on the device node it returns, but the code path in nct7363_present_pwm_fanin fails to release that reference with of_node_put. Over time, repeated fan control operations can cause the driver to accumulate unreleased nodes, consuming kernel memory and driver resources, which may lead to kernel instability or a denial of service. This flaw is a classic resource exhaustion vulnerability, classified under CWE‑911 and CWE‑401.
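The leak pattern described above, reduced to a user-space model (an added example, not the driver's code or the upstream patch). mock_parse_phandle and mock_node_put are constructed stand-ins for of_parse_phandle_with_args and of_node_put; present_leaky, present_fixed and leaked_after are hypothetical names.

```c
#include <stdio.h>

/* Constructed stand-in for struct device_node: only the refcount is modelled. */
struct mock_node { int refcount; };

/* Stand-in for of_parse_phandle_with_args(): success hands the caller one reference. */
static int mock_parse_phandle(struct mock_node *target, struct mock_node **out)
{
    if (!target)
        return -1;          /* failed lookup: no reference taken */
    target->refcount++;
    *out = target;
    return 0;
}

/* Stand-in for of_node_put(): drops one reference. */
static void mock_node_put(struct mock_node *np) { if (np) np->refcount--; }

/* Leaky shape: the parsed node is used, then the function returns without a put. */
static int present_leaky(struct mock_node *target)
{
    struct mock_node *np;
    if (mock_parse_phandle(target, &np))
        return -1;
    return 0;               /* reference still held: one leak per call */
}

/* Balanced shape: every successful parse is paired with exactly one put. */
static int present_fixed(struct mock_node *target)
{
    struct mock_node *np;
    if (mock_parse_phandle(target, &np))
        return -1;
    mock_node_put(np);
    return 0;
}

/* References left above the baseline after n calls of fn on a fresh node. */
static int leaked_after(int (*fn)(struct mock_node *), int n)
{
    struct mock_node node = { .refcount = 1 };
    for (int i = 0; i < n; i++)
        fn(&node);
    return node.refcount - 1;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after(present_leaky, 8), leaked_after(present_fixed, 8));
    return 0;
}
```

When reviewing a vendor kernel for the fix, the thing to check is the same pairing: each successful phandle parse in the function is followed by a put on every return path.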
Affected Systems
All Linux distributions that ship a kernel version lacking the upstream commit fixing this leak are affected. The CPE strings list only the generic Linux kernel, indicating that any vendor kernel that has not applied the patch is vulnerable, regardless of distribution or specific patch level. No particular kernel versions are enumerated, so the vulnerability applies to all current kernels prior to the fix.
Risk and Exploitability
The CVSS score is 5.5, and the EPSS score is <1%; the vulnerability is not listed in CISA's KEV catalog. This is a local kernel bug that generally requires a process with elevated privileges or local access to the target system to repeatedly invoke the faulty fan control path. An attacker with such access could use the leak to drain kernel memory over time, leading to a local denial of service. Remote exploitation is not feasible, but the potential impact is significant for environments that rely on real‑time or mission‑critical Linux systems.