Linux Kernel INFTL Out-of-Bounds Read Vulnerability in MTD Subsystem

Vulnerability

A vulnerability has been identified in the Linux kernel's MTD (Memory Technology Device) subsystem, specifically within the INFTL (Inverse NAND Flash Translation Layer) component. The issue arises because the function 'INFTL_findwriteunit()' does not properly check the return value of 'inftl_read_oob()'. This oversight can lead to incorrect behavior, as 'INFTL_deleteblock()' demonstrates the proper error handling. The vulnerability can cause the system to mismanage write units, potentially leading to data corruption or loss.

Impact

The vulnerability could result in an out-of-bounds read, allowing for improper handling of data that could be exploited to corrupt memory or bypass security mechanisms.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel INFTL Out-of-Bounds Read Vulnerability in MTD Subsystem

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating