Linux Kernel SCSI SES Enclosure Driver Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI SES enclosure driver can lead to out-of-bounds memory access. This issue arises in the 'ses_enclosure_data_process' function, where the 'addl_desc_ptr' pointer can be manipulated to read beyond the allocated buffer, potentially causing memory corruption or undefined behavior.

Impact

Exploitation of this vulnerability could result in memory corruption due to out-of-bounds accesses, which may lead to arbitrary code execution or other unintended consequences.

Reproduction

The vulnerability can be reproduced by creating a SCSI SES enclosure device with a malformed descriptor that exceeds the expected length. When the 'ses_enclosure_data_process' function processes this descriptor, the 'addl_desc_ptr' pointer will be incorrectly adjusted, leading to out-of-bounds memory access.
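The bounds check that this kind of descriptor walk needs, shown as an added user-space example (not the kernel's code and not the upstream patch). The two-byte header with the payload length in byte 1, the helper name `walk_descriptors` and the sample pages are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified layout (not taken from the page): each descriptor is
 * a 2-byte header followed by a payload; header byte 1 holds the payload
 * length, so a descriptor occupies hdr[1] + 2 bytes. */
#define DESC_HDR_LEN 2

/* Hypothetical helper: walk descriptors in buf[0..len). Returns the number
 * of complete descriptors, or -1 if one claims to extend past the buffer. */
int walk_descriptors(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        /* The header itself must be in bounds before byte 1 is read. */
        if (len - off < DESC_HDR_LEN)
            return -1;
        size_t desc_len = (size_t)buf[off + 1] + DESC_HDR_LEN;
        /* An unchecked walk would advance by the device-supplied length
         * here; compare it against the bytes that actually remain. */
        if (desc_len > len - off)
            return -1;
        off += desc_len;
        count++;
    }
    return count;
}

/* Constructed sample pages: the second descriptor in bad_page claims a
 * 0x40-byte payload although only one byte follows its header. */
static const uint8_t good_page[] = { 0x00, 0x02, 0xaa, 0xbb, 0x00, 0x01, 0xcc };
static const uint8_t bad_page[]  = { 0x00, 0x02, 0xaa, 0xbb, 0x00, 0x40, 0xcc };

int main(void)
{
    printf("good: %d\n", walk_descriptors(good_page, sizeof good_page));
    printf("bad:  %d\n", walk_descriptors(bad_page, sizeof bad_page));
    return 0;
}
```

Tracking an offset against the known length, rather than comparing advanced pointers, keeps the check itself free of out-of-range pointer arithmetic.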

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading can be found in the official Linux kernel documentation.

Added: Oct 29, 2025, 3:06 PM
Updated: Oct 29, 2025, 3:06 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.