Linux Kernel QLogic Fibre Channel Driver Buffer Overrun Vulnerability

Vulnerability

A buffer overrun vulnerability has been identified in the QLogic Fibre Channel driver (qla2xxx) of the Linux kernel. The driver uses the 'fc_els_flogi' structure to calculate the size of a buffer, but the actual buffer is nested within 'fc_els_flogi' and is smaller. The calculated size is therefore too large, leading to an array index out-of-bounds condition. The fix replaces the structure name used in the size calculation so that the computed size matches the actual buffer.
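The sizing error described above, shown as an added C example that is not the qla2xxx driver's code. The structures demo_csp and demo_flogi and their field layouts are hypothetical, simplified stand-ins, and the copy runs inside a single array so the effect of the oversized length can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the advisory's structures; the
 * field layout is constructed for illustration, not the kernel's own. */
struct demo_csp {                 /* nested block: the real destination */
    uint8_t  hi_ver, lo_ver;
    uint16_t b2b_credit, features, rx_size;
    uint32_t timeout[2];
};
struct demo_flogi {               /* outer structure that contains it */
    uint8_t  cmd, rsvd[3];
    struct demo_csp csp;
    uint8_t  port_name[8], node_name[8], class_params[4][16];
};
_Static_assert(sizeof(struct demo_csp) < sizeof(struct demo_flogi),
               "nested block must be smaller than its container");

/* Copy len bytes into a slot sized for demo_csp; count changed bytes after
 * it. Slot and neighbour share one array, so the copy stays well defined. */
static size_t neighbour_bytes_clobbered(size_t len)
{
    uint8_t arena[sizeof(struct demo_flogi)], src[sizeof(struct demo_flogi)];
    size_t i, hit = 0;

    memset(arena, 0xA5, sizeof(arena));    /* canary fill */
    memset(src, 0x11, sizeof(src));        /* constructed payload */
    if (len > sizeof(arena))
        len = sizeof(arena);
    memcpy(arena, src, len);               /* slot is arena[0..sizeof csp) */
    for (i = sizeof(struct demo_csp); i < sizeof(arena); i++)
        hit += (arena[i] != 0xA5);
    return hit;
}

/* Before the fix: length taken from the outer structure's type name. */
static size_t len_before(void) { return sizeof(struct demo_flogi); }

/* After: length taken from the destination member, so it cannot drift. */
static size_t len_after(void) { return sizeof(((struct demo_flogi *)0)->csp); }

int main(void)
{
    printf("bytes past the slot: before=%zu after=%zu\n",
           neighbour_bytes_clobbered(len_before()),
           neighbour_bytes_clobbered(len_after()));
    return 0;
}
```

Taking the length from the destination object or member, rather than from a type name written out by hand, keeps the size correct if the surrounding structure changes later.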

Impact

The vulnerability could lead to a buffer overflow, allowing for potential memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the QLogic Fibre Channel driver in the Linux kernel. The driver will incorrectly calculate buffer sizes, leading to a buffer overrun condition. This can be triggered by operations that involve the 'fc_els_flogi' structure, such as Fibre Channel login processes.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is available in the Linux kernel stable tree.

Added: Dec 24, 2025, 4:17 PM
Updated: Dec 24, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.