Linux Kernel vfio/platform Bounds Checking Vulnerability in Read/Write Syscalls

Vulnerability

A vulnerability in the Linux kernel's vfio/platform component allows out-of-bounds read and write operations because parameters passed to the read/write syscalls are not checked. Although the offset is limited to 40 bits, that limit alone does not keep an access within the device's allocated bounds.

Impact

Exploitation of this vulnerability could lead to unauthorized memory access, potentially allowing for arbitrary read or write operations outside the intended limits of the device.
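The missing check described above can be illustrated in user-space C. This is an added example, not the kernel's code or its patch: `region_access_check`, `REGION_OFFSET_MASK` and the 4 KiB region size are hypothetical names and constructed values, and the helper assumes the low 40 bits of the file position are the offset inside the region.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the low 40 bits of the file position are the in-region offset. */
#define REGION_OFFSET_MASK ((UINT64_C(1) << 40) - 1)

/* Hypothetical helper: validate a caller-supplied (pos, count) pair against a
 * region of region_size bytes. Returns 0 and stores the offset and the clamped
 * length, or -EINVAL when the offset already lies outside the region. */
int region_access_check(uint64_t pos, size_t count, uint64_t region_size,
                        uint64_t *off_out, size_t *len_out)
{
    /* Masking to 40 bits caps the offset but is not a bounds check. */
    uint64_t off = pos & REGION_OFFSET_MASK;
    uint64_t room;

    if (off >= region_size)
        return -EINVAL;

    /* Subtract rather than compute off + count, which could wrap around. */
    room = region_size - off;
    *off_out = off;
    *len_out = count < room ? count : (size_t)room;
    return 0;
}

int main(void)
{
    const uint64_t region_size = 0x1000;     /* constructed 4 KiB region */
    const struct { uint64_t pos; size_t count; } reqs[] = {
        { 0x0,    16 },                      /* fully in bounds */
        { 0xff8,  64 },                      /* runs past the end: clamped to 8 */
        { 0x1000, 4 },                       /* starts at the end: rejected */
        { REGION_OFFSET_MASK, 4 },           /* largest 40-bit offset: rejected */
    };
    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++) {
        uint64_t off = 0;
        size_t len = 0;
        int rc = region_access_check(reqs[i].pos, reqs[i].count,
                                     region_size, &off, &len);
        printf("pos=%#llx count=%zu -> rc=%d off=%#llx len=%zu\n",
               (unsigned long long)reqs[i].pos, reqs[i].count, rc,
               (unsigned long long)off, len);
    }
    return 0;
}
```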

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 5.0
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.