Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability allowing out-of-bounds writes has been identified in the Linux kernel's ath5k wireless driver. This issue arises in the 'ath5k_eeprom_read_pcal_info_5111' function, where the index can exceed the expected range, leading to memory corruption. The vulnerability was discovered through fuzzing, which revealed that when certain conditions are met, the index can go beyond the limit of available data curves, causing a write operation to an invalid memory address. This out-of-bounds write could be exploited to manipulate memory, potentially leading to arbitrary code execution or other malicious outcomes.
Exploitation of this vulnerability causes a slab-out-of-bounds memory write, which can lead to memory corruption and potentially allow for arbitrary code execution.
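The bug class described above, as an added example that is not the driver's code: a simplified model in which an index derived from device-supplied data can equal the number of curve slots. The names `N_CURVES`, `chan_cal`, `find_curve` and the two store functions are hypothetical, and the "no curve selected" trigger is an assumption used for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define N_CURVES 4 /* hypothetical size of the per-channel curve table */

struct chan_cal {
	uint8_t step[N_CURVES]; /* one entry per data curve */
	uint8_t neighbour;      /* stands in for whatever follows in the slab */
};

/* Scan a constructed "selected curves" bitmask taken from device data.
 * Returns N_CURVES, one past the last valid slot, when no bit is set. */
unsigned int find_curve(uint8_t mask)
{
	unsigned int idx;

	for (idx = 0; idx < N_CURVES; idx++)
		if (mask & (1u << idx))
			break;
	return idx;
}

/* Unchecked form: correct only while the mask selects a curve. With
 * mask == 0 the store would land on step[N_CURVES], outside the table. */
void store_step_unchecked(struct chan_cal *c, uint8_t mask, uint8_t val)
{
	c->step[find_curve(mask)] = val;
}

/* Hardened form: reject the sentinel index before any write happens. */
int store_step_checked(struct chan_cal *c, uint8_t mask, uint8_t val)
{
	unsigned int idx = find_curve(mask);

	if (idx >= N_CURVES)
		return -EINVAL;
	c->step[idx] = val;
	return 0;
}

int main(void)
{
	struct chan_cal c = { .neighbour = 0xAA };

	printf("valid mask: %d\n", store_step_checked(&c, 0x04, 7));
	printf("empty mask: %d\n", store_step_checked(&c, 0x00, 7));
	printf("neighbour:  0x%02X\n", c.neighbour);
	return 0;
}
```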