Primary

Context

Linux Kernel Slab-Out-Of-Bounds Write Vulnerability in UDF File System

Vulnerability

A slab-out-of-bounds write vulnerability has been identified in the Linux kernel's UDF (Universal Disk Format) file system, specifically in the 'udf_find_entry' function. This vulnerability allows for a write operation that exceeds the allocated memory buffer, potentially leading to memory corruption. The issue was reported by Syzbot and is present in Linux kernel version 6.1.0-rc2.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds write, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by creating a UDF file system image that triggers the 'udf_find_entry' function to write beyond the allocated memory buffer. This can be done using a tool like 'Syzbot' that automates the process of finding and exploiting such vulnerabilities in the Linux kernel.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Slab-Out-Of-Bounds Write Vulnerability in UDF File System

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating