Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
An integer overflow vulnerability has been identified in the Linux kernel's Marvell OCTEON TX crypto driver. The driver takes the 'code_length' value from firmware files, and when a firmware file is untrusted, that value can trigger the overflow. The vulnerability affects stable versions of the Linux kernel.
Exploitation of this vulnerability could lead to undefined behavior in the kernel, potentially allowing for memory corruption or other malicious actions.
The vulnerability can be reproduced by loading a firmware file into the Marvell OCTEON TX crypto driver that contains a 'code_length' value designed to cause an overflow. This can be done by manipulating the firmware file to include an excessively large 'code_length' value, which the driver will not properly validate before use.
Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.
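The failure mode described above, as an added user-space example that is not code from the driver or from the kernel fix. The 8-byte header layout, the 2-byte unit size, and all function and array names are assumptions made for illustration; it shows a wrapped size passing a length check, next to an overflow-checked version.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (assumption): 4-byte magic, 4-byte big-endian code_length. */
#define FW_HDR_SIZE 8u
#define FW_UNIT     2u   /* assumption: code_length counts 2-byte units */

/* Constructed sample files, 16 bytes each. */
const uint8_t fw_good[16] = { 'F','W','0','1', 0x00,0x00,0x00,0x04 };
const uint8_t fw_wrap[16] = { 'F','W','0','1', 0x80,0x00,0x00,0x04 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked: 32-bit arithmetic silently wraps for a large code_length. */
uint32_t fw_total_unchecked(const uint8_t *fw)
{
    return be32(fw + 4) * FW_UNIT + FW_HDR_SIZE;
}

/* Checked: 0 and payload size in *out on success, -1 on a bad header.
 * Kernel code would use check_mul_overflow()/check_add_overflow()
 * from <linux/overflow.h> instead of the compiler builtins. */
int fw_payload_size(const uint8_t *fw, size_t fw_len, uint32_t *out)
{
    uint32_t code_length, bytes, total;

    if (fw_len < FW_HDR_SIZE)
        return -1;
    code_length = be32(fw + 4);
    if (code_length == 0 ||
        __builtin_mul_overflow(code_length, FW_UNIT, &bytes) ||
        __builtin_add_overflow(bytes, FW_HDR_SIZE, &total) ||
        total > fw_len)
        return -1;
    *out = bytes;
    return 0;
}

int main(void)
{
    uint32_t n = 0;
    printf("wrapped total: %u\n", fw_total_unchecked(fw_wrap));
    printf("checked: %d\n", fw_payload_size(fw_wrap, sizeof fw_wrap, &n));
    return 0;
}
```

With `fw_wrap`, the unchecked total wraps to 16, which matches the file size exactly, so a plain "total fits in the file" comparison would accept a header whose code_length is over two billion units.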