Linux Kernel Out-of-Bounds Read Vulnerability in MSM8916 Devices

Vulnerability

A vulnerability in the Linux kernel's handling of SOCINFO data on MSM8916 devices can lead to an out-of-bounds read of the serial number. The issue arises because the firmware version 0.8 does not support the serial number field, yet the kernel incorrectly exposes a constant serial number by reading beyond the intended bounds. This flaw allows access to arbitrary data following the SOCINFO structure in shared memory.

Impact

Exploitation of this vulnerability causes an out-of-bounds read, potentially leading to information disclosure by exposing sensitive data from memory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Bounds Read Vulnerability in MSM8916 Devices

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating