Impact
In the Linux kernel block subsystem, a flaw in blk_revalidate_disk_zones causes memory allocated for disk zone revalidation to leak when the routine fails after allocating args.zones_cond. The omission of a cleanup path means that each failure gradually consumes more RAM, potentially leading to resource exhaustion. The weakness is a memory leak involving unreleased resources (CWE-772), which can degrade system stability without granting direct data or code compromise.
Affected Systems
All Linux kernel releases prior to inclusion of commit 29153d128384fa7c48a8ca8d34094b1cbe2d5bdc are vulnerable. The defect exists in the block module across all distributions that ship the unpatched kernel; any system running a pre‑patch kernel version is at risk.
Risk and Exploitability
The CVSS score of 5.5 indicates a medium severity vulnerability, and no EPSS score is available, so existing data does not indicate a high probability of exploitation. The issue is not listed in CISA KEV. Based on the description, it is inferred that the attack vector is local, requiring the ability to trigger a disk zone revalidation failure, such as by manipulating disk configuration or performing operations that exercise the failing path. Because the flaw only causes memory depletion, repeated exploitation could lead to a denial‑of‑service condition but does not provide direct data compromise.
OpenCVE Enrichment