Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A shift-out-of-bounds vulnerability has been identified in the Linux kernel's memory compaction code. The issue arises in the 'isolate_freepages_block()' function, where compound_order can be manipulated to any value because it is stored in a union with flags. The vulnerability triggers an Undefined Behavior Sanitizer (UBSAN) warning. The warning has been addressed by reinstating a maximum page order check.
Exploitation of this vulnerability could lead to undefined behavior in the kernel, potentially causing memory corruption or other unintended consequences.
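The pattern described above, as a user-space model added here for illustration (not the kernel's code or its patch): an order value that overlays flag bits is read once and checked against a maximum before it is used as a shift count. The names `model_page`, `model_compound_skip` and `MODEL_MAX_ORDER`, and the limit of 10, are assumptions of this example.

```c
#include <stdio.h>

/* Assumed limit for this model; the kernel's real maximum page order
 * depends on its configuration. */
#define MODEL_MAX_ORDER 10u

/* Model of a descriptor whose order field shares storage with unrelated
 * flag bits, so a reader can observe an arbitrary "order". */
union model_page {
    unsigned long flags;
    unsigned int order;
};

/* Number of additional page frames to skip for a compound page.
 * Returns 0 when the order read is not a plausible page order, so the
 * caller advances by a single page instead of shifting out of bounds. */
unsigned long model_compound_skip(const union model_page *page)
{
    unsigned int order = page->order;   /* read once, validate that copy */

    if (order > MODEL_MAX_ORDER)        /* the reinstated maximum-order check */
        return 0;
    return (1UL << order) - 1;          /* shift count is now bounded */
}

int main(void)
{
    union model_page sane, bogus;

    sane.flags = 0;
    sane.order = 9;                     /* constructed: a valid order */
    bogus.flags = ~0UL;                 /* constructed: flag bits read back as an order */

    printf("sane  order=%u skip=%lu\n", sane.order, model_compound_skip(&sane));
    printf("bogus order=%u skip=%lu\n", bogus.order, model_compound_skip(&bogus));
    return 0;
}
```

Without the comparison, the second call would evaluate `1UL << 4294967295`, which is the undefined shift that UBSAN reports.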