Impact
The ASoC STI driver in the Linux kernel has a memory leak flaw: regmap_field objects allocated during audio player initialization are never freed, especially when the driver is removed. Continued load/unload cycles can accumulate unreleased kernel resources, potentially exhausting memory, destabilizing the system, and in extreme cases causing a kernel crash or denial of service.
Affected Systems
This vulnerability affects any Linux system that runs a kernel containing the unpatched ASoC STI driver code. The vendor list is generic (Linux: Linux) and no specific kernel version range is provided, which means any distribution shipping the affected driver without the devm_regmap_field_alloc change is potentially vulnerable.
Risk and Exploitability
The EPSS score is reported as < 1% and the issue is not listed in CISA KEV, indicating a very low likelihood of exploitation. The attack vector is inferred to be local; an attacker would need to repeatedly load and unload the driver, or cause multiple driver unload events, to trigger the leak. While automated exploitation is unlikely, sustained misuse could deplete kernel resources over time, leading to a denial of service. The CVSS score is not provided, but the potential impact is significant if the resource exhaustion reaches critical levels.
OpenCVE Enrichment
Debian DLA