Linux Kernel RCU-Based Socket Lookup Vulnerability in MCTP

Vulnerability

A vulnerability has been addressed in the Linux kernel's handling of socket lookups for the Management Component Transport Protocol (MCTP). The issue arose because the socket binding lookup process was not properly synchronized, allowing a socket to be removed during the lookup, which could lead to unexpected behavior or errors.

Impact

Exploitation of this vulnerability could cause issues during socket lookups, potentially leading to errors or instability in applications using MCTP.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel RCU-Based Socket Lookup Vulnerability in MCTP

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating