Impact
A kernel driver responsible for the atmel-aes cipher incorrectly releases only one of four allocated pages, leaking three kernel pages per use. The flaw is a heap‑based resource leak (CWE‑763) and can accumulate until physical memory is exhausted, potentially crashing the system or causing a denial of service.
Affected Systems
The issue resides in the Linux kernel’s atmel-aes driver. No specific release range is listed, but any kernel that contains the driver code prior to the corrections in the referenced commits is susceptible.
Risk and Exploitability
The vulnerability could be exploited by local code that repeatedly calls the atmel‑aes functionality, leading to progressive memory exhaustion. The CVSS score is 5.5 and the EPSS score is below 1%, indicating moderate severity and low exploitation probability. The flaw is not listed in the CISA KEV catalog. The most likely attack vector is local execution where the kernel module is available, and the impact is limited to availability through resource depletion.
OpenCVE Enrichment
Debian DLA
Ubuntu USN