Linux Kernel Information Leak Vulnerability in ACRN Hypervisor PM Command IOCTL

Vulnerability

A vulnerability in the Linux kernel's ACRN hypervisor component has been addressed, which could lead to information leakage. The issue arose in the 'pmcmd_ioctl' function, where three memory objects allocated by kmalloc were not properly initialized before being copied to user space. This lack of initialization created a risk of unintentional data exposure, as the uninitialized bytes could contain sensitive information.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure, allowing an attacker to access sensitive data that should not be available.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Information Leak Vulnerability in ACRN Hypervisor PM Command IOCTL

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating