Linux Kernel LAN78XX USB Network Driver Memory Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's LAN78XX USB network driver could lead to a leak of kernel memory contents. The packet length read from the descriptor may exceed the actual length of the socket buffer, so the cloned socket buffer passed up the network stack can inadvertently expose kernel memory. The same unchecked length also allows an integer underflow when the size is less than the Ethernet Frame Check Sequence length.
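The two missing checks described above, shown in a userspace sketch. This is an added example, not code from the kernel driver: the one-word little-endian descriptor layout, `DESC_LEN`, and the function names are assumptions made for illustration, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_FCS_LEN 4u   /* Ethernet Frame Check Sequence length in bytes */
#define DESC_LEN    4u   /* assumed layout: one 32-bit little-endian length word */

/* What an unchecked path computes: wraps when size < ETH_FCS_LEN. */
uint32_t unchecked_payload_len(uint32_t size)
{
    return size - ETH_FCS_LEN;
}

/* Copy one frame's payload (FCS stripped) into out.
 * Returns the payload length, or -1 if the descriptor is rejected. */
int rx_extract_frame(const uint8_t *buf, size_t buf_len,
                     uint8_t *out, size_t out_cap)
{
    if (buf_len < DESC_LEN)
        return -1;                       /* no room for the descriptor */
    uint32_t size = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                    (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    size_t avail = buf_len - DESC_LEN;   /* bytes actually received */

    if (size > avail)
        return -1;                       /* claims more than the buffer holds */
    if (size < ETH_FCS_LEN)
        return -1;                       /* size - ETH_FCS_LEN would underflow */

    size_t payload = size - ETH_FCS_LEN;
    if (payload > out_cap)
        return -1;                       /* caller's buffer is too small */
    memcpy(out, buf + DESC_LEN, payload);
    return (int)payload;
}

int main(void)
{
    /* Constructed samples: descriptor word followed by the received bytes. */
    const uint8_t ok[]   = { 8, 0, 0, 0, 'd', 'a', 't', 'a', 1, 2, 3, 4 };
    const uint8_t over[] = { 64, 0, 0, 0, 'd', 'a', 't', 'a', 1, 2, 3, 4 };
    const uint8_t runt[] = { 2, 0, 0, 0, 9, 9 };
    uint8_t out[64];

    printf("ok=%d over=%d runt=%d wrapped=%u\n",
           rx_extract_frame(ok, sizeof ok, out, sizeof out),
           rx_extract_frame(over, sizeof over, out, sizeof out),
           rx_extract_frame(runt, sizeof runt, out, sizeof out),
           (unsigned)unchecked_payload_len(2));
    return 0;
}
```

Without the first check, the 64-byte claim in `over` would be honoured against an 8-byte buffer; without the second, a 2-byte claim becomes a length near 4 GiB after the FCS is subtracted.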

Impact

Exploitation of this vulnerability can cause unintended leakage of kernel memory contents, which could be used to access sensitive information or manipulate kernel operations.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.