Linux Kernel DPAA2 Ethernet Invalid Virtual Address Use Vulnerability

Vulnerability

A vulnerability in the Linux kernel's DPAA2 Ethernet driver can lead to a use-after-free issue. The vulnerability arises because the TCP Segmentation Offload (TSO) header was DMA-unmapped before the virtual address was retrieved, resulting in an invalid address being used in a memory deallocation call. This issue has been addressed by modifying the order of operations to retrieve the virtual address before unmapping the DMA.

Impact

Exploitation of this vulnerability can cause a kernel paging request error, indicating a use-after-free condition that could potentially be exploited to execute arbitrary code in the kernel context or cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel DPAA2 Ethernet Invalid Virtual Address Use Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating