Linux Kernel ACPICA Method Evaluation Vulnerability Due to Missing Arguments

Vulnerability

A vulnerability in the Linux kernel's ACPICA component, in which methods were evaluated even though arguments were missing, has been addressed. The issue arose after a platform firmware update increased the number of parameters a method required but failed to update at least one of the method's callers. The mismatch led to a use-after-free error that caused ACPICA to crash. The fix modifies ACPICA to reject method evaluations that do not meet the expected argument requirements.
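
A minimal model of the argument-count check described above, as an added example that is not ACPICA's code: the `method` and `call` structs, the status codes and every function name are hypothetical, and the change from 2 to 3 parameters is a constructed scenario.

```c
#include <stdio.h>

#define MAX_ARGS 7 /* AML control methods take at most seven arguments */
typedef enum { ST_OK, ST_MISSING_ARG, ST_BAD_COUNT } status_t;

/* Hypothetical stand-ins for a method object and a caller's operand list. */
struct method { const char *name; unsigned param_count; };
struct call { const long *operands; unsigned num_operands; };

/* Guard: refuse a call that supplies fewer operands than the method declares,
 * so the method body never touches an argument slot that was not set. */
status_t check_call(const struct method *m, const struct call *c)
{
    if (m->param_count > MAX_ARGS || c->num_operands > MAX_ARGS)
        return ST_BAD_COUNT;
    if (c->num_operands < m->param_count)
        return ST_MISSING_ARG;
    return ST_OK;
}

/* Toy method body (sums its declared arguments); runs only after the guard. */
status_t evaluate(const struct method *m, const struct call *c, long *result)
{
    status_t st = check_call(m, c);
    long sum = 0;
    if (st != ST_OK)
        return st; /* rejected: *result is left untouched */
    for (unsigned i = 0; i < m->param_count; i++)
        sum += c->operands[i];
    *result = sum;
    return ST_OK;
}

/* Constructed scenario: an update raised the method from 2 to 3 parameters. */
static const struct method updated = { "MTHD", 3 };
static const long old_args[] = { 1, 2 }, new_args[] = { 1, 2, 3 };

/* A caller that was not updated, and one that was. */
status_t stale_caller(long *out) { struct call c = { old_args, 2 }; return evaluate(&updated, &c, out); }
status_t updated_caller(long *out) { struct call c = { new_args, 3 }; return evaluate(&updated, &c, out); }

int main(void)
{
    long r = -1;
    status_t a = stale_caller(&r), b = updated_caller(&r);
    printf("stale: status %d; updated: status %d, result %ld\n", (int)a, (int)b, r);
    return 0;
}
```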

Impact

The vulnerability could lead to a use-after-free condition, causing a crash in the ACPICA component of the Linux kernel.

Added: Jul 25, 2025, 2:07 PM
Updated: Jul 25, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.