Volerion logoVolerion
Volerion logoVolerion

Linux Kernel VDPA Queue Index Attribute Length Check Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Virtual Data Path Accelerator (VDPA) management can lead to an out-of-bounds read. This issue arises because the VDPA Netlink policy, which validates incoming messages, previously lacked a proper length check for the queue index attribute. Without this validation, it was possible for an illegal Netlink attribute to be created after parsing, similar to the issue described in CVE-2023-3773. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can be exploited to read memory out of the intended bounds, potentially leading to information disclosure or other memory-related issues.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available in the Linux kernel documentation.

Added: Dec 24, 2025, 12:38 PM
Updated: Dec 24, 2025, 12:38 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.0
remediation
7.7
relevance
1.7
threat
3.2
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.