Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel related to the handling of clock hardware structures for the 9FGV0841 chip. The chip has 8 outputs and requires 8 slots for struct clk_hw pointers. However, the driver originally did not reserve enough slots, leading to an out-of-bounds write when pointers 4 through 7 are set in the clk_dif array of the rs9_driver_data structure.

Because there are other structure members after the clk_hw pointer array, writing beyond the allocated slots corrupts the rs9_driver_data structure and adjacent memory. This corruption may not always crash the kernel immediately but will cause a kernel crash when the driver is unbound or the system suspends.

The fix involved increasing the size of the clk_hw pointer array to match the maximum output count of the 9FGV0841 chip, preventing out-of-bounds writes.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can lead to memory corruption within the Linux kernel, specifically corrupting the rs9_driver_data structure and surrounding data.

Such corruption can cause the kernel to crash, particularly when the affected driver is unbound or when the system enters suspend mode.

Kernel crashes can result in system instability, unexpected reboots, potential data loss, and downtime, impacting system reliability and availability.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by increasing the struct clk_hw pointer array size to the maximum output count of 9FGV0841 in the Linux kernel driver. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Avoid using affected drivers or hardware until the kernel is updated, as the vulnerability can cause kernel crashes during driver unbinding or suspend operations.

Useful 0 Not Useful 0