Linux Kernel Out-of-Bounds Access Vulnerability in SJA1105 DSA Switch Driver

A vulnerability in the Linux kernel's DSA switch driver for the SJA1105 family has been addressed. The issue involved improper handling of memory when deleting entries from a table, which could lead to out-of-bounds access. Specifically, the function 'sja1105_table_delete_entry()' had two related problems: it incorrectly moved elements over the last entry, which was out of bounds, and the memory move operation did not account for the correct number of elements, leaving the last entry improperly accessed. Although the out-of-bounds access did not immediately activate the out-of-bounds element, it could potentially cause issues if that element was part of an unmapped page.

Impact

The vulnerability could lead to out-of-bounds memory access, which can cause undefined behavior, including memory corruption or the potential for exploitation through techniques like arbitrary code execution.