Linux Kernel IRQ Affinity Hint Vulnerability in STMMAC Network Driver

Vulnerability

A vulnerability in the Linux kernel's STMMAC network driver was addressed, concerning improper management of the IRQ affinity hint. The issue arose because the cpumask was defined as a local variable, while its pointer could be accessed from procfs after being saved to irq_desc, potentially leading to the use of freed memory. The vulnerability has been resolved by ensuring the cpumask is persistent, using cpumask_of(cpu#) to maintain its validity.

Impact

Exploitation of this vulnerability could lead to use-after-free conditions, where freed memory is accessed, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel IRQ Affinity Hint Vulnerability in STMMAC Network Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating