Linux Kernel Bitmap Allocation Size Vulnerability in PowerPC XIVE SPAPR

Vulnerability

A vulnerability in the Linux kernel's PowerPC XIVE SPAPR implementation has been identified, related to incorrect bitmap allocation sizes. This flaw was detected by KASAN, which reported a 'slab-out-of-bounds' error. The issue arises because the allocation mistakenly uses bits as the unit, rather than the appropriate size in bytes. As a result, the allocated memory can be smaller than expected, leading to invalid memory accesses. This vulnerability was introduced in version 5.19.0-rc2 and has been addressed in subsequent releases.

Impact

Exploitation of this vulnerability causes a 'slab-out-of-bounds' access, where memory beyond the allocated buffer is read, potentially leading to information disclosure or other memory corruption issues.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bitmap Allocation Size Vulnerability in PowerPC XIVE SPAPR

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating