Linux Kernel PDS Core Command Handling Vulnerability Leading to Information Disclosure and Denial-of-Service

Vulnerability

A vulnerability in the Linux kernel's PDS core command handling can lead to information disclosure and a potential denial-of-service. When the firmware does not support the PDS_CORE_CMD_FW_CONTROL command, the driver may either display incorrect information or crash. This issue arises because a stack variable is not properly initialized, causing the driver to access out-of-bounds array elements. The vulnerability can be triggered by executing the 'devlink dev info' command when the firmware command is unsupported.

Impact

Exploitation of this vulnerability can cause the system to crash or disrupt normal operations by causing a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel PDS Core Command Handling Vulnerability Leading to Information Disclosure and Denial-of-Service

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating