Linux Kernel Out-of-Bounds Read/Write Vulnerability in net/mdiobus

A vulnerability allowing out-of-bounds read/write access has been identified in the Linux kernel's net/mdiobus component. This issue arises when using 'mdio-tools' to interact with network interfaces and their PHYs via Clause 45 of the MDIO bus. The vulnerability exists because the ioctl function does not validate the parameters, allowing any MDIO address to be accepted. Although the kernel supports 32 addresses, it is possible to specify a higher value through ioctl. While operations should typically fail in such cases, the MDIO bus provides a stats array that can be exploited for out-of-bounds read/write operations by using an incorrect address. The vulnerability has been addressed by implementing address verification before performing Clause 45 read/write operations, enhancing the security of these operations.

Impact

Exploitation of this vulnerability could lead to unauthorized out-of-bounds read/write operations, potentially allowing for memory corruption or arbitrary memory access.