Linux Kernel Buffer Overflow Vulnerability in EEPROM Module Read

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's ICE driver, specifically in the 'ice_get_module_eeprom()' function. After a recent refactor, the function reads EEPROM data in blocks of eight bytes but does not properly handle the last block, which always contains zeros. The issue was exposed by an upstream ethtool commit that changed how EEPROM data is read, allowing the buffer overflow to be triggered. Several versions of the Linux kernel are affected.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can result in a system crash or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the 'ethtool' command to read the EEPROM data from a network interface. The 'ice_get_module_eeprom()' function omits the last block of data, creating a buffer overflow condition. This can be verified by comparing the EEPROM data returned by the unpatched and patched versions of the driver.
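As an added illustration (not the ice driver's code), the following C model shows the bug class described above: an EEPROM read that fetches fixed eight-byte blocks and must bound the final, partial block to the caller's buffer. All names ('eeprom_read_safe', 'read_block', 'naive_tail_overrun', 'fake_eeprom') and the 256-byte EEPROM image are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative model, not the ice driver's code: the backend only returns
 * whole eight-byte blocks, so the caller must bound the final block. */
#define EEPROM_BLOCK 8u
#define EEPROM_SIZE  256u

/* Constructed stand-in for the module's EEPROM contents. */
static uint8_t fake_eeprom[EEPROM_SIZE];

void fake_fill(void)
{
    for (uint32_t i = 0; i < EEPROM_SIZE; i++)
        fake_eeprom[i] = (uint8_t)i;
}

/* Backend read: always fills a full block; bytes past the end read as zero,
 * mirroring the "last block contains zeros" behaviour described above. */
static void read_block(uint32_t offset, uint8_t block[EEPROM_BLOCK])
{
    for (uint32_t i = 0; i < EEPROM_BLOCK; i++)
        block[i] = offset + i < EEPROM_SIZE ? fake_eeprom[offset + i] : 0;
}

/* Bytes a naive full-block copy of the tail would write past a len-byte buffer. */
uint32_t naive_tail_overrun(uint32_t len)
{
    return (EEPROM_BLOCK - len % EEPROM_BLOCK) % EEPROM_BLOCK;
}

/* Hardened read: copies exactly len bytes into dst, never more than dst_size
 * and never past the EEPROM. Returns bytes copied or -1 on a bad request. */
int eeprom_read_safe(uint32_t offset, uint32_t len, uint8_t *dst, size_t dst_size)
{
    if (len > dst_size || offset > EEPROM_SIZE || len > EEPROM_SIZE - offset)
        return -1;
    uint8_t block[EEPROM_BLOCK];
    for (uint32_t done = 0; done < len;) {
        read_block(offset + done, block);
        /* Final block may be partial: copy only the bytes still requested. */
        uint32_t n = len - done < EEPROM_BLOCK ? len - done : EEPROM_BLOCK;
        memcpy(dst + done, block, n);
        done += n;
    }
    return (int)len;
}
```

A 13-byte request is served by two blocks; the second block is cut to 5 bytes instead of the 8 a naive copy would write, which is the 3-byte overrun 'naive_tail_overrun(13)' reports.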

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.