Linux Kernel Integer Overflow Vulnerability in DRM MSM GEM Submissions

Vulnerability

A vulnerability allowing integer overflow has been addressed in the Linux kernel's Direct Rendering Manager (DRM) for the MSM (Mobile Station Modem) graphics execution manager. The issue arose in the 'msm_ioctl_gem_submit()' function, where user-supplied 'submit->cmd[i].size' and 'submit->cmd[i].offset' variables, both of type u32, could lead to an integer wrapping bug. The vulnerability has been mitigated by using 'size_add()' to prevent such overflow.

Impact

Exploitation of this vulnerability could lead to an integer overflow, potentially allowing for memory corruption or other unintended behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

5.0

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

5.0

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Integer Overflow Vulnerability in DRM MSM GEM Submissions

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating