Linux Kernel XDP Vulnerability: Device-Bound Programs in Generic Mode

Vulnerability

A vulnerability in the Linux kernel's XDP (eXpress Data Path) implementation allows device-bound programs to be attached in generic mode, which is not supported. Device-bound programs rely on driver-specific metadata functions that require the driver context to operate correctly. When these programs are attached in generic mode, the metadata functions can be called in an invalid context, leading to crashes. This issue has been addressed by adding a check to prevent the attachment of device-bound programs in generic mode.

Impact

Attaching device-bound programs in generic XDP mode can cause system crashes by invoking driver-specific metadata functions in an inappropriate context.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel XDP Vulnerability: Device-Bound Programs in Generic Mode

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating