Linux Kernel LAN743X Out-of-Bounds Write Vulnerability in PTP IO Event Clock Handling

A potential out-of-bounds write vulnerability has been identified in the Linux kernel's handling of Precision Time Protocol (PTP) IO events for the LAN743X network driver. The issue arises in the function 'lan743x_ptp_io_event_clock_get()', where the 'channel' index is not properly validated against the actual number of available channels. Although the 'channel' value is initially checked to ensure it does not exceed the maximum number of PTP IO channels, the subsequent write operation to the PTP external timestamp array does not account for the possibility of exceeding the array's bounds. This vulnerability could lead to memory corruption by allowing writes beyond the allocated array size.

Impact

Exploitation of this vulnerability could result in memory corruption due to out-of-bounds writes, potentially leading to arbitrary code execution or other undefined behavior.

Remediation

To address this vulnerability, the 'LAN743X_PTP_N_EXTTS' constant should be set to 8, ensuring that all supported channels are properly accounted for in the PTP IO event handling.