Impact
The Linux kernel contains a memory leak in the mt76 Wi‑Fi driver. Each receive queue maintains a page_pool even when it is not used for NAPI, such as certain WED RRO queues. When the module unloads, these page_pools are not destroyed, causing pages to remain allocated and the system’s free memory to shrink over time until the device is removed or the kernel becomes unstable.
Affected Systems
Any Linux kernel that compiles and loads the mt76 driver is affected. Neither the vendor nor the product scope is narrowed to a version, and no specific kernel release is mentioned. Systems that use a configuration including the mt76 module may experience the leak.
Risk and Exploitability
The CVSS score is 5.5 and the EPSS score is less than 1%, with no listing in CISA's KEV catalog. The likely attack vector is local, inferred from the requirement to unload the driver module; the vulnerability does not provide remote code execution or privilege escalation. Consequently, the risk of exploitation is low, and the impact remains confined to memory availability and device stability.
OpenCVE Enrichment