Linux Kernel QAT DHReject Request Integer Underflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's crypto subsystem, specifically related to the QuickAssist Technology (QAT) driver, has been addressed. The issue involved a lack of parameter validation for DHReject requests when the source buffer exceeded the key size. This oversight could lead to an integer underflow during the process of copying the source scatterlist into a linear buffer.
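The missing check described above, as an added example rather than code from the kernel or the QAT driver: a user-space C model in which a source buffer is copied into a key-sized linear buffer. The function names, the unsigned size types and the right-aligned, zero-padded layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not driver code: offset at which the source would be
 * placed inside a key_size-byte linear buffer. With no validation, a source
 * longer than the key makes the unsigned subtraction wrap around. */
size_t pad_offset_unchecked(size_t key_size, size_t src_len)
{
    return key_size - src_len; /* wraps to a huge value if src_len > key_size */
}

/* Hardened form: reject the request before any arithmetic or copy happens.
 * dst must hold key_size bytes; src is right-aligned with leading zeros. */
int copy_src_padded(uint8_t *dst, size_t key_size,
                    const uint8_t *src, size_t src_len)
{
    if (src_len > key_size)
        return -EINVAL; /* source buffer bigger than the key: refuse */

    size_t shift = key_size - src_len; /* safe: cannot wrap after the check */
    memset(dst, 0, shift);
    memcpy(dst + shift, src, src_len);
    return 0;
}

int main(void)
{
    uint8_t linear[8];                       /* constructed 8-byte "key size" */
    const uint8_t ok[3] = {0xAA, 0xBB, 0xCC};
    const uint8_t too_big[9] = {0};          /* one byte longer than the key */

    printf("unchecked offset for oversized source: %zu\n",
           pad_offset_unchecked(sizeof linear, sizeof too_big));
    printf("valid request     -> %d\n",
           copy_src_padded(linear, sizeof linear, ok, sizeof ok));
    printf("oversized request -> %d\n",
           copy_src_padded(linear, sizeof linear, too_big, sizeof too_big));
    return 0;
}
```

In the unchecked path the wrapped offset would be used as a destination index, which is how a length mismatch becomes memory corruption; the hardened path fails the request with an error instead.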

Impact

Exploitation of this vulnerability could have caused an integer underflow, potentially leading to memory corruption or other unintended behavior in the kernel.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.