Linux Kernel Out-of-Bounds Read Vulnerability in MTK Ethernet Driver

Vulnerability

An out-of-bounds read vulnerability has been identified in the Linux kernel's MTK Ethernet driver. The issue arises in the 'mtk_hwlro_get_fdir_entry()' function, where the 'fsp->location' variable, sourced from user input via 'ethtool_get_rxnfc()', is not properly validated. This lack of validation allows for the out-of-bounds read condition to occur.

Impact

Exploitation of this vulnerability leads to an out-of-bounds read, which can potentially be used to read sensitive information from memory or cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Bounds Read Vulnerability in MTK Ethernet Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating