Impact
In the Linux kernel, a device_node reference returned by of_parse_phandle() is never freed in the EDAC/versalnet driver. The reference r5_core_node remains allocated on all exit paths, creating a memory leak. Over time, repeated invocations could accumulate unused memory, degrading system performance and potentially exhausting available memory, which may affect stability and availability.
Affected Systems
The vulnerability affects the Linux kernel, specifically the VersalNet EDAC driver that handles hardware error detection on Versal Net devices. Any system running a kernel build that contains this driver and does not include the patch will be susceptible.
Risk and Exploitability
The CVSS score of 5.5 indicates a moderate severity, while the EPSS score of <1% suggests a low likelihood of exploitation. This issue is not listed in the CISA KEV catalog. The risk remains primarily internal: a long‑running device that loads and unloads the EDAC/versalnet driver repeatedly could accumulate memory usage, but there is no known external attack vector or privilege escalation from the leak. Consequently, exploitation likelihood is considered low and the impact remains moderate, limited to resource exhaustion.
OpenCVE Enrichment
Ubuntu USN