Impact
The Linux kernel's NCSI driver contains a flaw where certain error-handling paths in the NCSI RX and AEN handlers return prematurely without freeing the socket buffer (skb) that holds the incoming packet, resulting in a memory leak. This defect, classified as CWE-772, could over time consume kernel memory and potentially trigger a denial of service by exhausting available memory. The description indicates that the bug does not directly expose confidential data; however, persistent exploitation can degrade system stability.
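The early-return leak described above, as a simplified userspace model added here for illustration; it is not the kernel's NCSI code. `struct pkt`, `rx_leaky`, `rx_fixed` and the length and type checks are hypothetical stand-ins for the skb and the handlers' validation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for an skb; every name here is hypothetical. */
struct pkt { size_t len; unsigned char type; };
static int live_pkts;   /* buffers allocated and not yet freed */

static struct pkt *pkt_alloc(size_t len, unsigned char type)
{
    struct pkt *p = malloc(sizeof(*p));
    if (p) { p->len = len; p->type = type; live_pkts++; }
    return p;
}

static void pkt_free(struct pkt *p) { free(p); live_pkts--; }

/* Leaky shape: the handler owns p, but its error paths return without freeing. */
static int rx_leaky(struct pkt *p)
{
    if (p->len < 16)    return -1;   /* too short: p is never freed */
    if (p->type > 0x10) return -2;   /* unknown type: p is never freed */
    pkt_free(p);                     /* only the success path releases it */
    return 0;
}

/* Fixed shape: every path leaves through one label that frees the buffer. */
static int rx_fixed(struct pkt *p)
{
    int ret = 0;
    if (p->len < 16)    { ret = -1; goto out; }
    if (p->type > 0x10) { ret = -2; goto out; }
    /* normal processing would happen here */
out:
    pkt_free(p);
    return ret;
}

/* Feed n constructed, too-short packets to a handler; return buffers left allocated. */
static int leaked_after(int (*rx)(struct pkt *), int n)
{
    int before = live_pkts;
    for (int i = 0; i < n; i++) {
        struct pkt *p = pkt_alloc(4, 0);
        if (p) rx(p);
    }
    return live_pkts - before;
}

int main(void)
{
    printf("leaky: %d\n", leaked_after(rx_leaky, 1000));
    printf("fixed: %d\n", leaked_after(rx_fixed, 1000));
    return 0;
}
```

The leak grows by one buffer per rejected packet, which is why the count of live buffers is the quantity worth watching when validating a fix of this kind.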
Affected Systems
All Linux kernel builds that compile the NCSI driver are affected. The issue resides in the core driver code, so any kernel that includes the NCSI subsystem without the recent patch can be vulnerable. Administrators should verify whether their kernel originates from the mainline and whether the NCSI module is enabled.
Risk and Exploitability
The CVSS score is not published and the EPSS score is unavailable, so the precise risk level cannot be quantified. The vulnerability is not listed in CISA KEV, indicating no known active exploits. Based on the description, it is inferred that an attacker would need to trigger the early‑return paths by sending malformed or invalid NCSI packets to the target system. If the attacker has local or privileged access, they can repeatedly generate such traffic, gradually exhausting kernel memory. A remote attacker would need the ability to send raw NCSI traffic to the target, which is less common but still possible on exposed interfaces. The longer the flaw remains unpatched, the greater the likelihood that uncontrolled memory consumption will lead to system instability.