Linux Kernel Out-of-Bound Memory Copy Vulnerability in bnxt_en Driver

A vulnerability in the Linux kernel's bnxt_en Ethernet driver has been identified, involving an out-of-bounds memory copy during the retrieval of firmware coredumps via ethtool. This issue can lead to memory corruption. The vulnerability arises when the driver copies a list of coredump segments from the firmware, using a buffer that may not be adequately sized to handle the data, causing the memory corruption issue. The problem occurs with the HWRM_DBG_COREDUMP_LIST and HWRM_DBG_COREDUMP_RETRIEVE firmware commands, where the length of the data returned by the firmware can exceed the allocated buffer size, leading to the corruption.

Impact

Exploitation of this vulnerability causes memory corruption, which can potentially be exploited to execute arbitrary code or cause a denial-of-service condition.