Impact
The vulnerability resides in the Linux kernel’s Industrial I/O driver for the sca3000 device. When the driver’s probe routine requests an interrupt and later fails to register the device, the interrupt resource is not released. Because of the missing error check, each such failure leaks a kernel interrupt; the leaks can accumulate over time and eventually exhaust critical system resources or cause an interrupt storm, leading to degraded performance or service interruption. The weakness is a classic resource leak, specifically CWE‑772, coupled with an unchecked return value, which would be identified as CWE‑391.
Affected Systems
Affected systems are any deployments of the Linux kernel that include the sca3000 Industrial I/O driver. The problem is present in all kernel versions prior to the inclusion of the patch that added an error handler after a failed iio_device_register() call. No specific kernel release is listed, so any kernel branch that has not applied the update may be impacted.
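The leak and the fix described above can be reproduced in a user-space model. This is an added example, not the sca3000 driver's code or the upstream patch: the *_stub helpers, the fault-injection switch and the exact shape of the leaky probe are assumptions made for illustration.

```c
/* User-space model of a probe error path; NOT the sca3000 driver source.
 * The *_stub helpers are hypothetical stand-ins for request_irq(),
 * free_irq() and iio_device_register(). */
#include <errno.h>
#include <stdio.h>
static int irqs_held;      /* IRQ lines currently claimed in the model */
static int register_fails; /* constructed fault-injection switch */

static int request_irq_stub(void) { irqs_held++; return 0; }
static void free_irq_stub(void) { irqs_held--; }
static int iio_device_register_stub(void) { return register_fails ? -ENOMEM : 0; }

/* Leaky shape (assumed): the registration result goes straight back to the
 * caller, so a failure skips any cleanup and the IRQ stays claimed. */
static int probe_leaky(void)
{
    int ret = request_irq_stub();
    if (ret)
        return ret;
    return iio_device_register_stub();
}

/* Fixed shape: check the result and release the IRQ on failure. */
static int probe_fixed(void)
{
    int ret = request_irq_stub();
    if (ret)
        return ret;
    ret = iio_device_register_stub();
    if (ret)
        free_irq_stub(); /* error handler: undo what probe claimed */
    return ret;
}

/* Run `attempts` failing probes and report how many IRQs remain claimed. */
static int leaked_after(int (*probe)(void), int attempts)
{
    irqs_held = 0;
    register_fails = 1;
    for (int i = 0; i < attempts; i++)
        probe();
    return irqs_held;
}

int main(void)
{
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_after(probe_leaky, 5), leaked_after(probe_fixed, 5));
    return 0;
}
```

In the model, every failed probe in the leaky variant leaves one more interrupt claimed, which is the accumulation the Impact section describes.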
Risk and Exploitability
The CVSS score is not provided and the EPSS score is marked as unavailable, so the database does not quantify the severity or likelihood of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Because the defect is internal to kernel driver initialization, the default assumption is an attack vector that is local or requires kernel module loading privileges; an attacker would need to trigger the probe path and force a registration failure to see the effect. With no active exploitation mechanism in public exploit databases, the practical risk is moderate, though repeated failures could trigger resource exhaustion and cause denial of service on the affected host.