Linux Kernel Spectre V1 Vulnerability in IP Metrics Conversion

Vulnerability

A vulnerability allowing a Spectre v1 attack has been addressed in the Linux kernel. The issue was in the IPv4 metrics conversion function, where the 'type' variable was used as an array index. This could potentially allow CPU speculation to leak kernel memory contents. The vulnerability has been resolved by adding checks to prevent improper array indexing that could be exploited.

Impact

Exploitation of this vulnerability could lead to a Spectre v1 attack, allowing for speculative execution that could leak sensitive kernel memory contents.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Spectre V1 Vulnerability in IP Metrics Conversion

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating