Impact
The Dell WMI SysMan driver for Linux x86 concatenates firmware‐supplied enumeration strings into a fixed 512‑byte buffer using raw strcat() calls without a cumulative length check. Each source string is individually bounded, but the aggregate append operation ignores the remaining space, enabling a buffer overflow if the combined strings exceed the available buffer capacity. An attacker who can supply crafted enumeration data—such as via modified firmware—could trigger this overflow, potentially corrupting kernel memory and leading to a kernel crash, privilege escalation, or denial of service. The vulnerability is thus a kernel memory corruption flaw that directly affects system integrity and availability.
Affected Systems
All Linux kernels that include the Dell WMI SysMan module for the x86 architecture before the patch are affected. The CNA vendor list indicates that the vulnerability applies to Linux:Linux, meaning any distribution shipping the kernel with this module is vulnerable. The driver is an upstream component, so the issue is present in all kernel releases prior to the patch, regardless of vendor or distribution.
Risk and Exploitability
The CVSS score of 7.0 signifies a high severity, while the EPSS score of < 1% and the absence from the CISA KEV catalog suggest that exploitation activity is currently low. However, generating custom enumeration strings in firmware is feasible on systems with Dell hardware, and the lack of safety checks in the aggregation loop leaves the kernel at risk of overflow. Thus, the risk remains moderate to high for administrators managing affected Dell devices, as the flaw could allow privilege escalation or system destabilization. The primary attack vector is inferred to be delivery of malicious firmware enumeration data to the driver.
OpenCVE Enrichment
Debian DLA