Impact
This vulnerability involves a memory leak in the Linux kernel's Renesas I3C master driver. The xfer structure allocated by renesas_i3c_alloc_xfer() is never freed in renesas_i3c_i3c_xfers, a resource management flaw (CWE‑763). The leak causes the kernel to consume increasing amounts of memory with each I3C transfer, potentially exhausting memory and destabilising the system, which can lead to a denial‑of‑service.
Affected Systems
All Linux kernel releases that include the unpatched Renesas I3C master driver are affected. The advisory does not list specific version ranges, but the bug was fixed by recent kernel commits. Administrators should ensure their kernels contain the referenced patch commits or are up to date.
Risk and Exploitability
A local or privileged attacker can trigger the leak by repeatedly initiating I3C transfers. The EPSS score is less than 1%, indicating a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalogue. The lack of a CVSS score leaves severity somewhat uncertain, but kernel‑level memory exhaustion remains high impact. The exploit requires hardware that supports Renesas I3C and the driver to be loaded.
OpenCVE Enrichment