Linux Kernel ARPMB Command Handling Vulnerability in UFS SCSI Core BSG

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's handling of the ARPMB command within the UFS SCSI core BSG module. When UFS BSG execution of an advanced RPMB (ARPMB) request fails, the kernel improperly copies user data and crashes with a memory management error. The case in which the device does not support the ARPMB command is not handled properly, so the kernel crashes instead of returning a graceful error response.

Impact

Exploitation of this vulnerability leads to a kernel crash, causing a denial-of-service condition on the affected system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.