Linux Kernel Integer Overflow Vulnerability in ROSE Protocol Socket Options Handling

Vulnerability

An integer overflow vulnerability has been identified in the Linux kernel's handling of socket options for the ROSE protocol. The issue arises in the 'rose_setsockopt()' function, where unpredictably large arguments can be passed in and then multiplied by additional values, which can cause the result to overflow. The vulnerability affects several versions of the Linux kernel.
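The arithmetic pattern described above, as an added example that is not the kernel's code or its fix: a caller-controlled 32-bit option value is multiplied by a scale factor, first without a check and then with a bound check that rejects values whose product would not fit. The function names, the `SCALE` constant and the sample values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed scale factor for illustration; not taken from the advisory. */
#define SCALE 1000u

/* Unchecked pattern: the product of a caller-controlled value and a
 * constant is kept in 32 bits and silently wraps modulo 2^32. */
static uint32_t scale_unchecked(uint32_t opt, uint32_t factor)
{
    return (uint32_t)(opt * factor);
}

/* Checked pattern: refuse any value whose product would not fit.
 * The bound is tested with a division, so the check cannot overflow. */
static int scale_checked(uint32_t opt, uint32_t factor, uint32_t *out)
{
    if (factor != 0 && opt > UINT32_MAX / factor)
        return -EINVAL;          /* caller's value is left unapplied */
    *out = opt * factor;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one ordinary value, one oversized. */
    const uint32_t samples[] = { 30u, 4294968u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t checked = 0;
        int rc = scale_checked(samples[i], SCALE, &checked);

        /* The oversized value wraps to a small number when unchecked. */
        printf("opt=%u unchecked=%u checked_rc=%d checked=%u\n",
               (unsigned)samples[i],
               (unsigned)scale_unchecked(samples[i], SCALE),
               rc, (unsigned)checked);
    }
    return 0;
}
```

With the oversized sample, the unchecked product wraps to a value far smaller than the one requested, while the checked version returns an error and stores nothing.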

Impact

Exploitation of this vulnerability could lead to integer overflow, which may be leveraged to cause buffer overflows or other unintended behavior in the kernel.

Remediation

The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.