Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Out-of-Bounds Write Vulnerability in IIO Core

Vulnerability

A potential out-of-bounds write vulnerability has been identified in the Linux kernel's IIO (Industrial I/O) core. The issue arises because a buffer is allocated for 20 characters, but if a caller writes more than that, the count is truncated to fit the available space. This can lead to out-of-bounds access. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, which may cause memory corruption or allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by writing more than 20 characters to the affected buffer in the IIO core. This can be done through the debugfs interface by exceeding the buffer limit, which will trigger the out-of-bounds write condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is available in the Linux kernel stable tree.

Added: Aug 22, 2025, 4:35 PM
Updated: Aug 22, 2025, 7:04 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.