Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
An integer overflow vulnerability has been identified in the Linux kernel's XSK (eXpress Data Path) implementation, specifically within the 'xp_create_and_assign_umem()' function. Because the 'i' and 'pool->chunk_size' variables are both of type 'u32', their product is computed in 32 bits and can wrap around before it is cast to 'u64'. As a result, it is possible for two different XDP buffers to reference the same memory area, potentially leading to memory corruption or other unintended behavior.
Exploitation of this vulnerability could result in two XDP buffers pointing to the same memory area, which may lead to memory corruption.
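The wraparound described above, modelled in user space as an added example (this is not the kernel's code). The function names, the 4096-byte chunk size and the chunk counts are constructed for illustration; only the `u32` operand types and the `u64` result come from the description.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;
typedef uint64_t u64;

/* Pattern described in the advisory: both operands are u32, so the product
 * is computed modulo 2^32 and only then widened to u64. */
static u64 chunk_offset_wrapping(u32 i, u32 chunk_size)
{
    return (u32)(i * chunk_size);
}

/* Widening one operand first forces a 64-bit multiplication. */
static u64 chunk_offset_widened(u32 i, u32 chunk_size)
{
    return (u64)i * chunk_size;
}

/* First chunk index whose 32-bit offset differs from the true offset,
 * or nchunks if every index in [0, nchunks) is computed correctly. */
static u32 first_wrapped_index(u32 nchunks, u32 chunk_size)
{
    for (u32 i = 0; i < nchunks; i++)
        if (chunk_offset_wrapping(i, chunk_size) !=
            chunk_offset_widened(i, chunk_size))
            return i;
    return nchunks;
}

/* Index of the chunk that buffer i actually lands in once the offset wraps. */
static u32 aliased_chunk(u32 i, u32 chunk_size)
{
    return (u32)(chunk_offset_wrapping(i, chunk_size) / chunk_size);
}

int main(void)
{
    const u32 chunk_size = 4096;   /* constructed sample value */
    const u32 nchunks = 2000000;   /* constructed: more than 4 GiB of chunks */
    u32 bad = first_wrapped_index(nchunks, chunk_size);

    printf("first wrapped index: %u\n", bad);
    printf("buffer %u aliases buffer %u\n", bad + 5,
           aliased_chunk(bad + 5, chunk_size));
    printf("true offset of buffer %u: %llu\n", bad,
           (unsigned long long)chunk_offset_widened(bad, chunk_size));
    return 0;
}
```

A bounds check that a pool's total size (chunk count times chunk size) fits the offset type catches the same condition before any buffer is assigned.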