Description
In the Linux kernel, the following vulnerability has been resolved:

i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers()

The xfer structure allocated by renesas_i3c_alloc_xfer() was never freed
in the renesas_i3c_i3c_xfers() function. Use the __free(kfree) cleanup
attribute to automatically free the memory when the variable goes out of
scope.
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability involves a memory leak in the Linux kernel's Renesas I3C master driver. The xfer structure allocated by renesas_i3c_alloc_xfer() is never freed in renesas_i3c_i3c_xfers, a resource management flaw (CWE‑763). The leak causes the kernel to consume increasing amounts of memory with each I3C transfer, potentially exhausting memory and destabilising the system, which can lead to a denial‑of‑service.

Affected Systems

All Linux kernel releases that include the unpatched Renesas I3C master driver are affected. The advisory does not list specific version ranges, but the bug was fixed by recent kernel commits. Administrators should ensure their kernels contain the referenced patch commits or are up to date.

Risk and Exploitability

A local or privileged attacker can trigger the leak by repeatedly initiating I3C transfers. The EPSS score is less than 1%, indicating a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalogue. The lack of a CVSS score leaves severity somewhat uncertain, but kernel‑level memory exhaustion remains high impact. The exploit requires hardware that supports Renesas I3C and the driver to be loaded.

Generated by OpenCVE AI on June 27, 2026 at 04:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that contains the commit fixing the memory leak.
  • If an update cannot be applied immediately, consider disabling the Renesas I3C master driver or limiting its use until the patch is installed, and reboot the system to recover freed memory.
  • Monitor system memory usage and I3C transfer activity to detect abnormal memory consumption and intervene before resource exhaustion occurs.

Generated by OpenCVE AI on June 27, 2026 at 04:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 27 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers() The xfer structure allocated by renesas_i3c_alloc_xfer() was never freed in the renesas_i3c_i3c_xfers() function. Use the __free(kfree) cleanup attribute to automatically free the memory when the variable goes out of scope.
Title i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:38.158Z

Reserved: 2026-06-09T07:44:35.380Z

Link: CVE-2026-53030

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53030 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T05:00:12Z

Weaknesses
  • CWE-763

    Release of Invalid Pointer or Reference