Linux Kernel Out-of-Bounds Read Vulnerability in LDT Setup

Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the Linux kernel's LDT setup process. The issue arises because the 'data_count' parameter of 'syscall_stub_data()' is expected to be a count of longs, not bytes; a caller that passes a byte count makes the stub read well past the intended buffer. The result is a stack-out-of-bounds read, as reported by the Kernel Address Sanitizer (KASAN). The vulnerability was observed during kernel initialization, specifically within the 'init_new_ldt' function, where the incorrect 'data_count' interpretation causes memory beyond the intended buffer to be read.
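
The unit mismatch described above, as an added illustration that is not the kernel's code: a constructed stand-in for the stub copy routine that takes 'data_count' in longs, one caller that passes sizeof() bytes (the buggy pattern) and one that converts to longs first (the corrected pattern). The struct, function names and the explicit length check are assumptions made for the example; the real kernel stub has no such check, which is why KASAN was the first thing to notice.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the LDT descriptor block handed to the stub. */
struct ldt_block {
    unsigned long base;
    unsigned long limit;
    unsigned long flags;
};

/* Model of syscall_stub_data(): data_count is a number of LONGS, not bytes.
 * src_len/dst_len are the true sizes in bytes. The request is refused when it
 * exceeds either buffer; that check is what the real stub lacks, and it turns
 * the silent over-read into a visible error. Returns bytes copied or -1. */
long stub_copy_data(unsigned long *dst, size_t dst_len,
                    const unsigned long *src, size_t src_len, size_t data_count)
{
    size_t nbytes;

    if (data_count > SIZE_MAX / sizeof(long))
        return -1;                        /* multiplication would overflow */
    nbytes = data_count * sizeof(long);
    if (nbytes > src_len || nbytes > dst_len)
        return -1;                        /* would read or write out of bounds */
    memcpy(dst, src, nbytes);
    return (long)nbytes;
}

/* Buggy caller: sizeof() yields bytes, but the stub interprets it as longs,
 * so it asks for sizeof(long) times more data than the block holds. */
long init_ldt_buggy(const struct ldt_block *blk, unsigned long *dst, size_t dst_len)
{
    return stub_copy_data(dst, dst_len, (const unsigned long *)blk,
                          sizeof(*blk), sizeof(*blk));
}

/* Corrected caller: convert the byte size to a count of longs first. */
long init_ldt_fixed(const struct ldt_block *blk, unsigned long *dst, size_t dst_len)
{
    return stub_copy_data(dst, dst_len, (const unsigned long *)blk,
                          sizeof(*blk), sizeof(*blk) / sizeof(long));
}
```

On a 64-bit build the buggy caller requests 24 longs (192 bytes) from a 24-byte block; without the length check those extra 168 bytes come from whatever sits above the block on the stack.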

Impact

Exploitation of this vulnerability causes a stack-out-of-bounds read, which can lead to information disclosure or potentially allow for further exploitation by overwriting function return addresses or other critical data on the stack.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         9.0
impact:         2.5
exploitability: 5.3
remediation:    0.0
relevance:      0.0
threat:         3.2
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.