Linux Kernel Buffer Overflow Vulnerability in OMAP IOMMU Debugfs

A buffer overflow vulnerability has been identified in the Linux kernel's OMAP IOMMU debugfs interface. This issue arises because the 'len' variable is not properly checked before the first write operation. If the 'omap2_iommu_dump_ctx()' function is called with 'bytes' less than 32, it can lead to a buffer overflow. Additionally, the 'snprintf()' function is used incorrectly; it returns the number of bytes that would have been copied if there were enough space, rather than the actual number of bytes copied. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, which may be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by invoking the 'omap2_iommu_dump_ctx()' function with a 'bytes' value less than 32. This will trigger the buffer overflow condition. The issue can be observed in the OMAP IOMMU debugfs interface.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The fixed version can be found in the Linux kernel stable tree.