Linux Kernel Block Device Minor Number Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's block device handling can lead to an overflow issue. The problem arises in the function blk_alloc_ext_minor(), which allocates minor device numbers within a specified range. The highest minor number, NR_EXT_DEVT, is returned by this function and is used in device_add_disk() to set the device's identifier. Since NR_EXT_DEVT represents the total number of extended device types, this can cause an overflow if not properly managed.

Impact

Exploitation of this vulnerability could result in a minor number overflow, potentially leading to incorrect device management or system instability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Block Device Minor Number Overflow Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating