Linux Kernel Devlink Component Error Handling Vulnerability in xa_alloc_cyclic()

Vulnerability

A vulnerability in the Linux kernel's devlink component was introduced by improper error handling in the xa_alloc_cyclic() function. When xa_alloc_cyclic() returned a value of 1, indicating a wraparound, the function erroneously returned ERR_PTR(1). This mistake led to a false negative when checked with IS_ERR(), potentially allowing a dereference of an unallocated pointer. The issue was not observed in real-world scenarios but was identified during code review.

Impact

The vulnerability could lead to a use-after-free condition by allowing the dereferencing of an unallocated pointer, which can cause memory corruption or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Devlink Component Error Handling Vulnerability in xa_alloc_cyclic()

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating