Linux Kernel Atlantic Driver Out-of-Bounds Write Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Atlantic network driver allows an out-of-bounds write. The issue arises because the update statement of a for loop, on its final execution, indexes the array past its bounds, so an invalid index is dereferenced. The problem was identified by the Undefined Behavior Sanitizer, which reported the array index error. The vulnerability was introduced in version 5.19.0 and has been fixed in subsequent releases.
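The loop shape described above, as an added illustration that is not the driver's source: all type and function names are hypothetical and the array size is constructed. A checked accessor counts the out-of-range index instead of performing it, so the buggy and corrected loops can be compared safely.

```c
#include <stdio.h>

#define MAX_VECS 8u              /* constructed array size, not taken from the driver */

struct vec { int stopped; };
struct nic {
    struct vec *vecs[MAX_VECS];  /* fixed-size pointer array */
    unsigned int nvecs;          /* slots in use, may equal MAX_VECS */
    unsigned int oob;            /* out-of-range index attempts seen */
};

/* Checked accessor: counts an out-of-range index instead of performing it. */
static struct vec *vec_at(struct nic *n, unsigned int i)
{
    if (i >= MAX_VECS) { n->oob++; return NULL; }
    return n->vecs[i];
}

/* Buggy shape: the update clause indexes vecs[i] before the condition is re-tested. */
static void stop_all_buggy(struct nic *n)
{
    unsigned int i; struct vec *v;
    for (i = 0, v = vec_at(n, 0); n->nvecs > i; ++i, v = vec_at(n, i))
        v->stopped = 1;
}

/* Fixed shape: the element is fetched in the body, after the bound check. */
static void stop_all_fixed(struct nic *n)
{
    for (unsigned int i = 0; n->nvecs > i; ++i)
        vec_at(n, i)->stopped = 1;
}

/* Returns how many out-of-range index attempts one stop pass made. */
static unsigned int oob_attempts(unsigned int count, int fixed)
{
    static struct vec store[MAX_VECS];
    struct nic n = { .nvecs = count };
    for (unsigned int i = 0; i < count; i++) n.vecs[i] = &store[i];
    if (fixed) stop_all_fixed(&n); else stop_all_buggy(&n);
    return n.oob;
}

int main(void)
{
    printf("full array, buggy loop: %u\n", oob_attempts(MAX_VECS, 0));
    printf("full array, fixed loop: %u\n", oob_attempts(MAX_VECS, 1));
    printf("half array, buggy loop: %u\n", oob_attempts(MAX_VECS / 2, 0));
    return 0;
}
```

In this model the out-of-range index appears only when every slot of the array is in use, because only then does the index reached after the last iteration equal the array size.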

Impact

Exploitation of this vulnerability causes a denial-of-service condition through the out-of-bounds array access, which can potentially be exploited to overwrite memory and cause undefined behavior.

Reproduction

The vulnerability can be reproduced by triggering the Atlantic network driver's suspend routine, which involves the 'aq_nic_stop' function. This process can be initiated through standard device management workflows that suspend PCI devices.

Remediation

Users should upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Jun 18, 2025, 6:28 PM
Updated: Jun 18, 2025, 6:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.