Linux Kernel Maple Tree Out-of-Bounds Access Vulnerability

Vulnerability

A potential out-of-bounds access vulnerability has been identified in the Linux kernel's maple tree implementation. This issue arises in the 'mas_wr_end_piv()' function, where the write offset end bounds are not properly checked before being used as an index into the pivot array. If the write extends to the last slot in the node, it can lead to an out-of-bounds access on the pivot array. While this vulnerability does not currently affect any callers, it could pose a problem for new users of the maple tree data structure if the fix is backported into earlier kernel versions.
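The bounds check described above, shown as a simplified user-space model. This is an added example, not the kernel's own code: the struct layout, the names unchecked_pivot_index, checked_end_piv and sample_node, the 16-slot node size, and the fallback to the node maximum are assumptions made for illustration.

```c
#include <stddef.h>

#define SLOTS  16            /* model size: slots per node (assumption) */
#define PIVOTS (SLOTS - 1)   /* last slot has no pivot; node max bounds it */

struct node {
    unsigned long pivots[PIVOTS]; /* pivots[i] = last index covered by slot i */
    unsigned long max;            /* upper bound of the whole node */
    size_t node_end;              /* offset of the last slot in use */
};

/* Unchecked shape: returns the pivot index the walk would read next,
 * without dereferencing it, so the overrun can be observed safely. */
static size_t unchecked_pivot_index(const struct node *n, size_t off,
                                    unsigned long last)
{
    unsigned long end_piv = n->pivots[off]; /* caller passes off < PIVOTS */

    while (last > end_piv && off < n->node_end) {
        off++;
        if (off >= PIVOTS)
            return off;           /* pivots[off] would be out of bounds */
        end_piv = n->pivots[off];
    }
    return off;
}

/* Checked shape: bound the offset first, fall back to the node maximum. */
static size_t checked_end_piv(const struct node *n, size_t off,
                              unsigned long last, unsigned long *end_piv)
{
    while (off < n->node_end && last > n->pivots[off])
        off++;
    *end_piv = (off < n->node_end) ? n->pivots[off] : n->max;
    return off;
}

/* Constructed sample: a full node with pivots 10, 20, ..., 150 and max 200. */
static struct node sample_node(void)
{
    struct node n = { .max = 200, .node_end = SLOTS - 1 };
    for (size_t i = 0; i < PIVOTS; i++)
        n.pivots[i] = (i + 1) * 10;
    return n;
}
```

With the constructed node, a write ending at 180 reaches the last slot: the unchecked walk arrives at pivot index 15, one past the array, while the checked walk stops at offset 15 and reports the node maximum instead.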

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing undefined behavior or memory corruption.

Reproduction

The vulnerability can be reproduced by creating a new user of the maple tree data structure that writes to the pivot array. If the write extends to the last slot in the node without proper bounds checking, the out-of-bounds access will occur.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Instructions for downloading the patched version are available in the Linux kernel Git repository.

Added: Dec 24, 2025, 2:58 PM
Updated: Dec 24, 2025, 2:58 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.