Linux Kernel Out-of-Bounds Write Vulnerability in Hisilicon PHY Driver

Vulnerability

An out-of-bounds write vulnerability has been identified in the Linux kernel's Hisilicon PHY driver for the Inno USB2 PHY. The issue is in the 'hisi_inno_phy_probe()' function, where the loop index 'i' is improperly validated: the current check allows 'i' to equal the maximum port number, so the subsequent logic could write outside the intended array bounds. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to memory corruption by allowing writes outside the allocated bounds of an array, potentially overwriting adjacent memory and causing undefined behavior.

Reproduction

The vulnerability can be reproduced by loading the Hisilicon Inno USB2 PHY driver on a platform that includes this driver. The 'hisi_inno_phy_probe()' function will be executed, where the improper bounds checking will allow 'i' to reach an invalid state, causing an out-of-bounds write.
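
The off-by-one described above, modelled in user-space C as an added example; it is not the kernel driver's code or the upstream patch. PORT_NUM, the guard slot, the 'nentries' argument and the function names are assumptions made for the demo, and the stricter comparison is the direct correction of the check as this page describes it.

```c
#include <stdio.h>
#include <string.h>

#define PORT_NUM 2            /* hypothetical capacity of the ports array */
#define GUARD    0xA5A5A5A5u  /* constructed canary value */

/* PORT_NUM real slots plus one guard slot, so a write at index PORT_NUM is
 * observable here without undefined behaviour. A real array of PORT_NUM
 * elements has no such slot: the same write lands in adjacent memory. */
struct priv { unsigned int ports[PORT_NUM + 1]; };

void priv_init(struct priv *p)
{
    memset(p, 0, sizeof(*p));
    p->ports[PORT_NUM] = GUARD;
}

/* Check as described in the advisory: i == PORT_NUM is accepted. */
int probe_loose(struct priv *p, size_t nentries)
{
    for (size_t i = 0; i < nentries; i++) {
        if (i > PORT_NUM)              /* off by one */
            return -1;
        p->ports[i] = 0x1000u + (unsigned int)i;
    }
    return 0;
}

/* Corrected check: the index is rejected before it reaches the array size. */
int probe_strict(struct priv *p, size_t nentries)
{
    for (size_t i = 0; i < nentries; i++) {
        if (i >= PORT_NUM)
            return -1;
        p->ports[i] = 0x1000u + (unsigned int)i;
    }
    return 0;
}

int guard_intact(const struct priv *p) { return p->ports[PORT_NUM] == GUARD; }

int main(void)
{
    struct priv a, b;
    priv_init(&a);
    priv_init(&b);
    int ra = probe_loose(&a, PORT_NUM + 1);   /* one entry more than fits */
    int rb = probe_strict(&b, PORT_NUM + 1);
    printf("loose:  rc=%d guard_intact=%d\n", ra, guard_intact(&a));
    printf("strict: rc=%d guard_intact=%d\n", rb, guard_intact(&b));
    return 0;
}
```

With one entry more than the array holds, the loose check reports success while the slot past the array has been overwritten; the strict check fails the probe and leaves it untouched.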

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Sep 15, 2025, 4:25 PM
Updated: Sep 15, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.