Linux Kernel Shift-Out-of-Bounds Vulnerability in STMicroelectronics Ethernet Driver

A shift-out-of-bounds vulnerability has been identified in the Linux kernel's STMicroelectronics Ethernet driver, specifically in the DMA queue mapping for the MTL_RXQ_DMA_MAP1. This issue arises when the queue number exceeds 4, leading to an overflow in the left shift operation due to the 32-bit integer variable. The vulnerability can be observed when the kernel is compiled with CONFIG_UBSAN enabled, which triggers a warning about the out-of-bounds shift. The vulnerability has been addressed by correcting the mask calculation for the DMA queue mapping, thereby resolving the overflow issue and the associated warning.

Impact

Exploitation of this vulnerability could lead to undefined behavior in the kernel, such as memory corruption or incorrect handling of network traffic, potentially causing a denial-of-service condition or other unintended consequences.

Reproduction

To reproduce this vulnerability, compile the Linux kernel with CONFIG_UBSAN enabled and load the STMicroelectronics Ethernet driver. When the network manager attempts to open a network interface using this driver, the kernel will generate a shift-out-of-bounds warning, indicating that the vulnerability has been triggered.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.