Primary

Context

Linux Kernel Array Index Out-of-Bounds Vulnerability in Block Layer

Vulnerability

A vulnerability in the Linux kernel's block layer has been addressed, which involved improper handling of offline queues in the function blk_mq_alloc_request_hctx(). This flaw could be triggered by the test nvme/004, leading to a undefined behavior sanitization (UBSAN) error for array index out-of-bounds. The issue arose because the index exceeded the allocated range for a specific data type, causing potential memory access violations.

Impact

Exploitation of this vulnerability could lead to array index out-of-bounds errors, allowing for memory corruption or unauthorized memory access.

Reproduction

The vulnerability can be reproduced by running the NVMe test suite, specifically the test case 'nvme/004', which triggers the array index out-of-bounds error in the block layer's request handling function.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Array Index Out-of-Bounds Vulnerability in Block Layer

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating