Linux Kernel SCSI LPFC Buffer Overflow Vulnerability in DebugFS Entry

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's SCSI LPFC driver. The issue arises in the 'lpfc_debugfs_lockstat_write' function, where 'copy_from_user' is used to read data from a userspace buffer into a fixed-size character array. This operation can potentially lead to a buffer overflow by copying more bytes than the array can safely hold. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a buffer overflow, which may allow for arbitrary code execution or cause memory corruption.

Reproduction

The vulnerability can be reproduced by writing data to the 'lpfc_debugfs_lockstat' debugfs entry. The 'copy_from_user' function then reads the data into the fixed-size character array without the length being limited to what the array can hold, leading to a buffer overflow.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The commit ID for the patch is 'c6087b82a9146826564a55c5ca0164cac40348f5'.
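
The pattern described above, next to a bounded form, as a user-space illustration added here; it is not the LPFC driver's code or the referenced patch. The 64-byte array size, the 'demo_*' names and the stand-in for 'copy_from_user' are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_BUF_SIZE 64 /* assumed array size, not taken from the driver */

struct demo_result { size_t copied; char cmd[DEMO_BUF_SIZE]; };

/* User-space stand-in for copy_from_user(): returns bytes NOT copied. */
static unsigned long demo_copy_from_user(void *to, const void *from, size_t n)
{
    memcpy(to, from, n);
    return 0;
}

/* Flawed pattern: the caller-controlled nbytes is used as the copy length. */
long demo_write_unbounded(const char *ubuf, size_t nbytes, struct demo_result *res)
{
    char mybuf[DEMO_BUF_SIZE];
    memset(mybuf, 0, sizeof(mybuf));
    if (demo_copy_from_user(mybuf, ubuf, nbytes)) /* writes past mybuf if nbytes > 64 */
        return -1; /* kernel code would return -EFAULT */
    memcpy(res->cmd, mybuf, sizeof(mybuf));
    res->copied = nbytes;
    return (long)nbytes;
}

/* Bounded pattern: clamp to the array size, keeping one byte for the NUL. */
long demo_write_bounded(const char *ubuf, size_t nbytes, struct demo_result *res)
{
    char mybuf[DEMO_BUF_SIZE];
    size_t bsize = nbytes < sizeof(mybuf) - 1 ? nbytes : sizeof(mybuf) - 1;
    memset(mybuf, 0, sizeof(mybuf));
    if (demo_copy_from_user(mybuf, ubuf, bsize))
        return -1; /* kernel code would return -EFAULT */
    memcpy(res->cmd, mybuf, sizeof(mybuf));
    res->copied = bsize;
    return (long)nbytes; /* report the whole write as consumed */
}

int main(void)
{
    char big[200]; /* constructed oversized input */
    struct demo_result r;
    memset(big, 'A', sizeof(big));
    demo_write_bounded(big, sizeof(big), &r);
    printf("requested=%zu copied=%zu\n", sizeof(big), r.copied);
    return 0;
}
```
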

Added: Dec 24, 2025, 3:34 PM
Updated: Dec 24, 2025, 3:34 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.