Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- <= 4.9
A cache leak vulnerability in the ACPI operand management has been identified in the Linux kernel. This issue arises during the early termination of ACPI functions, particularly when the kernel encounters a malicious ACPI table. The termination process leads to a memory leak in the Acpi-Operand cache, as indicated by boot logs detailing the cache destruction process. This leak is problematic because, in older kernel versions (through 4.9), it exposes memory locations of kernel functions, potentially allowing malicious users to bypass kernel Address Space Layout Randomization (ASLR). The vulnerability has been addressed in a recent ACPICA commit.
The cache leak could be exploited to gather information about kernel memory locations, which in older kernel versions could be used to undermine kernel ASLR, leading to potential exploitation of other vulnerabilities.