Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of the ARM SCMI base protocol enumeration has been addressed. The issue arose because the validation of the number of protocols returned by the BASE_DISCOVER_LIST_PROTOCOLS command was flawed. The check used a sum of unsigned integers that could overflow, potentially allowing the validation to be bypassed if the returned value was sufficiently large. The vulnerability has been fixed by improving the validation process to avoid such overflow issues.
Exploitation of this vulnerability could lead to improper validation of protocol enumeration, allowing for potential manipulation or misrepresentation of the protocols available on the SCMI platform.
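The overflow described above, as an added C illustration that is not the kernel's code: it contrasts a check built on an unsigned sum with one that compares against the remaining room. The function names, the limit `MAX_PROTOCOLS` and its value are assumptions, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap on stored protocol IDs; hypothetical name and value. */
#define MAX_PROTOCOLS 16u

/* Flawed pattern: the 32-bit sum wraps, so a huge 'returned' looks small. */
static bool count_ok_flawed(uint32_t total, uint32_t returned)
{
    uint32_t sum = total + returned;   /* wraps modulo 2^32 */
    return sum <= MAX_PROTOCOLS;
}

/* Overflow-safe pattern: compare against the room left, never add. */
static bool count_ok_checked(uint32_t total, uint32_t returned)
{
    if (total > MAX_PROTOCOLS)
        return false;                  /* keeps the subtraction from wrapping */
    return returned <= MAX_PROTOCOLS - total;
}

int main(void)
{
    /* Constructed samples: IDs already collected, count in the next reply. */
    static const uint32_t samples[][2] = {
        { 8u, 4u },            /* fits: 12 <= 16 */
        { 8u, 9u },            /* too many: 17 > 16 */
        { 8u, 0xFFFFFFFCu },   /* sum wraps to 4 */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t total = samples[i][0], returned = samples[i][1];
        printf("total=%u returned=%u flawed=%s checked=%s\n",
               (unsigned)total, (unsigned)returned,
               count_ok_flawed(total, returned) ? "accept" : "reject",
               count_ok_checked(total, returned) ? "accept" : "reject");
    }
    return 0;
}
```

Only the third sample separates the two checks: the wrapped sum passes the flawed comparison, while the subtraction form rejects it.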