Volerion logoVolerion
Volerion logoVolerion

Linux Kernel i40e Out-of-Bounds Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's i40e driver can lead to an out-of-bounds dereference. This issue arises from improper input validation in the 'action_meta' field, which is used to apply filters. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability can cause an out-of-bounds dereference, which may lead to memory corruption or a crash.

Reproduction

The vulnerability can be reproduced by modifying the 'action_meta' field in the i40e driver to a value that is not properly validated, such as a number greater than the number of available traffic classes. This can be done through a virtual function request that includes an invalid 'action_meta' value.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.

Added: Oct 15, 2025, 8:55 AM
Updated: Oct 15, 2025, 8:55 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.