Linux Kernel PCF85063 Out-of-Bounds Write Vulnerability in NVMEM Read

A vulnerability in the Linux kernel's handling of the PCF85063 real-time clock can lead to an out-of-bounds write during NVMEM read operations. This issue arises because the NVMEM interface allows variable buffer sizes, while the regmap interface uses fixed-size storage. When an NVMEM client specifies a buffer size smaller than 4 bytes, the regmap_read function can write out of bounds, as it expects the buffer to reference an unsigned integer. The vulnerability has been addressed by modifying the read process to use an intermediary unsigned integer to store the value, preventing the out-of-bounds write.

Impact

Exploitation of this vulnerability could lead to memory corruption by allowing data to be written outside the intended buffer boundaries. This kind of memory corruption can often be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.