Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A buffer overflow vulnerability has been identified in the Linux kernel's be2net driver. The 'be_get_module_eeprom' function assumes that the buffer it receives is at least PAGE_DATA_LEN in size, or twice that if the module is SFF8472-compliant. That assumption does not always hold, so the function can write past the end of the buffer it was given. The overflow is reached during reads of module EEPROM data, particularly transceiver data, when the buffer is smaller than the function expects, and it creates a risk of memory corruption.
Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or memory corruption.
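The size assumption described above, as an added example (a userspace model written for this page, not the kernel's code or its fix): the unchecked whole-page write beside a copy bounded by the caller's request. The `read_page()` helper, the `offset`/`len` parameters, both function names and the value 256 for PAGE_DATA_LEN are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_DATA_LEN 256u  /* assumed page size for this example */
#define N_PAGES 2u          /* page 0 always; page 1 when SFF8472-compliant */

/* Hypothetical stand-in for the device page read: always fills a full page
 * with constructed sample bytes. */
static void read_page(unsigned page, uint8_t *dst)
{
    for (size_t i = 0; i < PAGE_DATA_LEN; i++)
        dst[i] = (uint8_t)(page * 0x80u + (i & 0x7fu));
}

/* Flawed pattern: writes whole pages straight into 'data' and never looks
 * at how large the caller's buffer is, so a shorter buffer is overrun. */
void get_eeprom_unchecked(uint8_t *data, int sff8472)
{
    read_page(0, data);
    if (sff8472)
        read_page(1, data + PAGE_DATA_LEN);
}

/* Bounded pattern: read each page into a local bounce buffer and copy only
 * the [offset, offset + len) window. Returns 0 on success, -1 if the window
 * does not fit inside the pages the module provides. */
int get_eeprom_bounded(uint8_t *data, size_t offset, size_t len, int sff8472)
{
    size_t total = PAGE_DATA_LEN * (sff8472 ? N_PAGES : 1u);
    uint8_t page_buf[PAGE_DATA_LEN];

    if (offset > total || len > total - offset)  /* overflow-safe check */
        return -1;
    while (len > 0) {
        unsigned page = (unsigned)(offset / PAGE_DATA_LEN);
        size_t in_page = offset % PAGE_DATA_LEN;
        size_t chunk = PAGE_DATA_LEN - in_page;
        if (chunk > len)
            chunk = len;
        read_page(page, page_buf);
        memcpy(data, page_buf + in_page, chunk);
        data += chunk;
        offset += chunk;
        len -= chunk;
    }
    return 0;
}
```

A request that straddles the page boundary is served in two chunks, and nothing outside the requested `len` bytes of the destination is written.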