Linux Kernel ims-pcu Input Validation Vulnerability Leading to Memory Corruption

Vulnerability

A vulnerability in the Linux kernel's ims-pcu component allows for memory corruption due to improper input validation. The issue arises in the ims_pcu_flash_firmware() function, where the 'len' variable, sourced from the firmware, is not adequately checked before being used in a memcpy operation. This lack of validation can lead to memory corruption if the 'len' value is excessively large.
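
An added example, not the kernel's code and not part of the original advisory: a user-space C model of the pattern described above, with the unchecked copy beside a bounds-checked one. The structure names, field layout and the 64-byte buffer size are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space model; every name and size here is an assumption, not a kernel definition. */
#define CMD_BUF_SIZE 64              /* fixed-size command buffer */

struct fw_record {                   /* one record parsed from the firmware image */
    uint8_t len_be[2];               /* big-endian length taken from the firmware */
    uint8_t data[256];
};

struct fragment {                    /* header placed at the start of the command buffer */
    uint8_t addr[4];
    uint8_t len;
    uint8_t data[];                  /* payload follows the header */
};

static size_t record_len(const struct fw_record *rec)
{
    return ((size_t)rec->len_be[0] << 8) | rec->len_be[1];
}

/* Unchecked pattern: the firmware-supplied len goes straight to memcpy. */
int stage_record_unchecked(uint8_t *cmd_buf, const struct fw_record *rec)
{
    struct fragment *frag = (struct fragment *)cmd_buf;
    size_t len = record_len(rec);
    frag->len = (uint8_t)len;
    memcpy(frag->data, rec->data, len);   /* writes past cmd_buf when len is large */
    return 0;
}

/* Hardened form: reject a record that does not fit the source or the destination. */
int stage_record_checked(uint8_t *cmd_buf, const struct fw_record *rec)
{
    struct fragment *frag = (struct fragment *)cmd_buf;
    size_t len = record_len(rec);
    size_t room = CMD_BUF_SIZE - sizeof(*frag);   /* space left after the header */

    if (len > room || len > sizeof(rec->data))
        return -EINVAL;                   /* fail the load instead of copying */
    frag->len = (uint8_t)len;
    memcpy(frag->data, rec->data, len);
    return (int)len;
}
```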

Impact

Exploitation of this vulnerability could result in memory corruption, potentially leading to undefined behavior such as arbitrary code execution or a system crash.

Added: Jul 25, 2025, 4:20 PM
Updated: Jul 25, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.