Linux Kernel iwlwifi Driver Vulnerability Allowing Buffer Overread

Vulnerability

A vulnerability in the Linux kernel's iwlwifi wireless driver can lead to a buffer overread. The issue arises because the driver does not ensure that strings read from firmware files are properly null-terminated. This lack of validation can cause the driver to read beyond the intended boundaries of the data, potentially accessing memory beyond the end of the file buffer. The vulnerability has been addressed by restricting the print format to align with the available buffer size.

Impact

Exploitation of this vulnerability can result in reading data beyond the allocated buffer, which may lead to memory corruption or unauthorized access to sensitive information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel iwlwifi Driver Vulnerability Allowing Buffer Overread

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating