Description
In the Linux kernel, the following vulnerability has been resolved:
udmabuf: fix a buf size overflow issue during udmabuf creation
by casting size_limit_mb to u64 when calculate pglimit.
A buffer-overflow vulnerability was found in the Linux kernel's udmabuf driver. The flaw occurs in the udmabuf_create() function, which calculates the page count limit (pglimit) using the variable size_limit_mb. This size variable can be misinterpreted as either 32-bit or 64-bit, resulting in incorrect page limit checks and allocating a larger DMA buffer than permitted. This issue can lead to memory corruption, system instability, and a denial of service.
Report
An integer overflow in udmabuf_create can occur when computing the page limit from size_limit_mb using 32 bit arithmetic before shifting. This can cause pglimit to wrap and may break the intended buffer size enforcement, allowing a local user with access to the udmabuf device to request unexpectedly large allocations. The issue is not network reachable and does not imply memory corruption by itself. Impact is primarily denial of service via memory pressure or allocation failures.
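The wrap described above, as an added C model (not the kernel source and not code from this page). It assumes a signed 32-bit size_limit_mb, a 64-bit pglimit and 4 KiB pages; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Pre-fix model: MB -> bytes is multiplied in 32 bits, then shifted.
 * The wrap is computed on uint32_t and sign-extended by hand so the demo
 * has defined behaviour; it mirrors a two's-complement int multiply. */
static uint64_t pglimit_32bit(int32_t size_limit_mb)
{
    uint32_t wrapped = (uint32_t)size_limit_mb * 1024u * 1024u;
    int64_t bytes = wrapped >= 0x80000000u
                        ? (int64_t)wrapped - 0x100000000LL
                        : (int64_t)wrapped;
    /* wrapped is a multiple of 2^20, so dividing equals the shift */
    return (uint64_t)(bytes / (1 << PAGE_SHIFT));
}

/* Post-fix model: widen to 64 bits before multiplying, as the fix describes. */
static uint64_t pglimit_64bit(int32_t size_limit_mb)
{
    return ((uint64_t)size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
}

/* The page-count check a creation request is held to (hypothetical helper). */
static int request_allowed(uint64_t pgcnt, uint64_t pglimit)
{
    return pgcnt <= pglimit;
}

int main(void)
{
    const int32_t limits_mb[] = { 64, 2048, 4096 }; /* constructed values */
    const uint64_t huge = 1ULL << 30;               /* 4 TiB worth of pages */

    for (size_t i = 0; i < sizeof limits_mb / sizeof limits_mb[0]; i++) {
        uint64_t narrow = pglimit_32bit(limits_mb[i]);
        uint64_t wide = pglimit_64bit(limits_mb[i]);
        printf("%5d MB: 32-bit pglimit=%llu (4 TiB allowed: %d), "
               "64-bit pglimit=%llu (4 TiB allowed: %d)\n",
               (int)limits_mb[i], (unsigned long long)narrow,
               request_allowed(huge, narrow), (unsigned long long)wide,
               request_allowed(huge, wide));
    }
    return 0;
}
```

In this model a 2048 MB limit wraps to a negative byte count that becomes an enormous pglimit, so the size check stops rejecting anything, while 4096 MB wraps to a limit of zero pages.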
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:15447 | 08.09.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:15429 | 08.09.2025 |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | kernel | Fixed | RHSA-2025:11571 | 23.07.2025 |
Additional information
Status:
EPSS
CVSS3: 7.3 High