Linux Kernel SMC Vulnerability in Proposal Message Handling

Vulnerability

A vulnerability exists in the Linux kernel's SMC (Shared Memory Communication) implementation, specifically in how proposal messages from remote clients are processed. The vulnerability arises because the 'iparea_offset' and 'ipv6_prefixes_cnt' fields in the proposal messages are not fully trusted. If the 'iparea_offset' exceeds a certain limit, it could lead to accessing incorrect memory addresses, potentially causing a crash. This issue has been addressed by adding checks for 'iparea_offset' and 'ipv6_prefixes_cnt' before they are used.

Impact

Exceeding the maximum value of 'iparea_offset' could lead to accessing wrong memory addresses, causing a crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SMC Vulnerability in Proposal Message Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating