Linux Kernel Ice Driver Packet Length Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ice driver has been addressed, which involved the improper handling of untrusted packet length values in the function 'ice_vc_fdir_parse_raw()'. The issue arose because the raw packet length was not adequately verified before being used, potentially allowing for exploitation. The vulnerability has been resolved by adding a check to ensure that the packet length does not exceed the maximum allowed size for raw packets.

Impact

The vulnerability could have led to improper validation of packet lengths, potentially allowing for exploitation through malformed packets.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Ice Driver Packet Length Validation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating