Linux Kernel ibmvnic Driver Buffer Overflow Vulnerability

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's ibmvnic driver. The issue arises when the driver prints hexadecimal dumps of data buffers. If the buffer size is not a multiple of eight bytes, this can lead to a read buffer overflow. The vulnerability has been addressed by creating a new function in the ibmvnic driver that properly handles buffer sizes and uses kernel helpers to safely perform hex dumps. This patch resolves reports from the Kernel Address Sanitizer (KASAN) regarding slab-out-of-bounds errors, which indicated that the driver was reading beyond the allocated memory limits.

Impact

Exploitation of this vulnerability could lead to a buffer overflow, allowing for potential arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ibmvnic Driver Buffer Overflow Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating