Impact
In the Linux kernel, the GET_DATA_DIRECT_SYSFS_PATH handler in the RDMA/mlx5 driver allocates memory for a device path using kobject_get_path(). When the path length exceeds the output buffer, the function returns -ENOSPC but leaves the allocated memory unfreed, creating a memory leak. Over time, repeated invocations of this path can consume kernel memory, eventually leading to resource exhaustion and a potential denial of service. This flaw represents a classic resource management weakness and is classified as a memory leak (CWE-401).
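The leak pattern described above, as an added userspace C model; it is not the kernel's or the mlx5 driver's code. `model_get_path()`, `handler_leaky()`, `handler_fixed()`, `leaked_after()` and the sample path are hypothetical names and constructed values, and the single-exit cleanup shown is one common way to structure such a fix, not necessarily the upstream patch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static long live_allocs; /* model buffers allocated and not yet freed */

/* Hypothetical stand-in for kobject_get_path(): the caller owns the result. */
static char *model_get_path(void) {
    static const char p[] = "/devices/constructed/sample/path"; /* constructed */
    char *buf = malloc(sizeof(p));
    if (buf) { memcpy(buf, p, sizeof(p)); live_allocs++; }
    return buf;
}
static void model_free(char *p) { if (p) { free(p); live_allocs--; } }

/* Leak pattern from the advisory: the -ENOSPC return skips the free. */
static int handler_leaky(char *out, size_t out_len) {
    char *path = model_get_path();
    if (!path) return -ENOMEM;
    if (strlen(path) + 1 > out_len) return -ENOSPC; /* path is never freed */
    memcpy(out, path, strlen(path) + 1);
    model_free(path);
    return 0;
}

/* Corrected shape: every exit after the allocation passes through one free. */
static int handler_fixed(char *out, size_t out_len) {
    int ret = 0;
    char *path = model_get_path();
    if (!path) return -ENOMEM;
    if (strlen(path) + 1 > out_len) { ret = -ENOSPC; goto done; }
    memcpy(out, path, strlen(path) + 1);
done:
    model_free(path);
    return ret;
}

/* Call h n times with an out_len-byte buffer (out_len <= 128); return buffers left behind. */
static long leaked_after(int (*h)(char *, size_t), size_t out_len, int n) {
    char out[128];
    long before = live_allocs;
    for (int i = 0; i < n; i++) h(out, out_len);
    return live_allocs - before;
}

int main(void) {
    printf("leaky=%ld fixed=%ld\n", leaked_after(handler_leaky, 8, 1000),
           leaked_after(handler_fixed, 8, 1000));
    return 0;
}
```

In the model, each failed call to the leaky handler leaves one buffer allocated, which is the per-call growth the advisory describes; calls with a large enough buffer leak nothing in either version.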
Affected Systems
All Linux kernel implementations that include the RDMA/mellanox mlx5 driver prior to the posted fix are affected. Because the affected code originates in the mainline kernel, any derivative release that has not applied the patch is presumed vulnerable. RDMA uverbs utilities that interact with the kernel's GET_DATA_DIRECT_SYSFS_PATH interface, such as rdma-core tools, may expose the kernel to the leak if they generate errors. The vendor lists the Linux kernel as the affected product with no specific version delimiters, so the vulnerable code base spans all mainline kernels before the patch.
Risk and Exploitability
The vulnerability does not currently have an EPSS score and is not present in the CISA KEV catalog, indicating limited known exploitation. No CVSS score is published; however, the nature of the flaw (memory exhaustion triggered by a controllable kernel API) offers a moderate to high impact if an attacker can repeatedly invoke the affected handler. The likely attack vector is local or requires elevated privileges to interact with the RDMA/IB verbs interface; remote exploitation would need a privileged foothold or compromise of the system. Exploitability is bounded by the attacker's ability to generate numerous erroneous GET_DATA_DIRECT_SYSFS_PATH calls. Sustained use could induce kernel memory pressure, swapping, or a crash, resulting in a denial of service for the host.