Linux Kernel Out-of-Bounds Memory Access Vulnerability in Venus HFI Parser

Vulnerability

An out-of-bounds memory access vulnerability has been identified in the Linux kernel's Venus HFI parser. The 'words_count' variable indicates the total number of words in the payload; when it reaches the last word, the parser can access memory beyond the intended limits. This out-of-bounds access can potentially be exploited. The vulnerability has been addressed by refactoring the HFI packet parsing logic: the updated parsing utility now accurately reports the size of the data consumed, so the remaining bytes can be calculated before the payload is parsed, eliminating the possibility of out-of-bounds access.
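The fix pattern described above, sketched as an added example (this is not the kernel's Venus code): each property parser returns the bytes it consumed, and the loop checks the remaining bytes before any payload is read. The property ids, payload lengths and packet layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical property ids and payload lengths; not the real HFI values. */
#define PROP_A 0x1u /* followed by 1 payload word  */
#define PROP_B 0x2u /* followed by 3 payload words */

/* Constructed packets: a complete one, and one whose last word is a property id. */
static const uint32_t pkt_ok[]   = { PROP_A, 5, PROP_B, 1, 2, 3 };
static const uint32_t pkt_last[] = { PROP_A, 5, PROP_B };

/* Parse one property payload; return bytes consumed, or -1 if the payload
 * needs more than the `rem` bytes left in the packet. */
static int parse_prop(uint32_t id, const uint32_t *data, size_t rem, uint32_t *sum)
{
    size_t need = (id == PROP_A) ? 1 : (id == PROP_B) ? 3 : 0;

    if (rem < need * sizeof(uint32_t))
        return -1;                      /* refuse before touching data[] */
    for (size_t i = 0; i < need; i++)
        *sum += data[i];
    return (int)(need * sizeof(uint32_t));
}

/* Walk `size` bytes; return properties parsed, or -1 on a truncated packet. */
int parse_packet(const uint32_t *buf, size_t size, uint32_t *sum)
{
    size_t rem = size;
    int count = 0;

    *sum = 0;
    while (rem >= sizeof(uint32_t)) {
        uint32_t id = *buf++;
        rem -= sizeof(uint32_t);        /* bytes left after the id word */
        int used = parse_prop(id, buf, rem, sum);
        if (used < 0)
            return -1;
        count += used > 0;              /* unknown ids consume no payload */
        buf += (size_t)used / sizeof(uint32_t);
        rem -= (size_t)used;
    }
    return count;
}

int main(void)
{
    uint32_t sum;
    printf("complete: %d\n", parse_packet(pkt_ok, sizeof(pkt_ok), &sum));
    printf("id in last word: %d\n", parse_packet(pkt_last, sizeof(pkt_last), &sum));
    return 0;
}
```

The second packet is the case the advisory describes: the property id sits in the last word, so a parser that only tracks a word count would go on to read its payload from memory past the buffer.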

Impact

Exploitation of this vulnerability could lead to unauthorized memory access, potentially allowing for arbitrary code execution or causing a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.