Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
The Linux kernel's megaraid_sas SCSI driver is affected by an out-of-bounds access issue. The problem occurs on systems with DRAM interleave enabled, where the driver improperly handles interrupt vector allocations. The flaw is triggered while the megaraid_sas device is being probed, when an invalid array index is accessed, resulting in undefined behavior.
Exploitation of this vulnerability causes an out-of-bounds array access, which can lead to undefined behavior such as memory corruption.
The vulnerability can be reproduced by enabling DRAM interleave on a system and loading the megaraid_sas driver. During the driver's initialization process, it requests 128 MSI-X interrupt vectors, but an invalid node index is generated, causing an out-of-bounds access in the CPU topology data. This issue can be observed using the Undefined Behavior Sanitizer, which reports the array index out-of-bounds error.
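To check whether a host has hit this condition, the kernel log can be searched for UBSAN bounds reports whose call trace passes through megaraid_sas. The script below is an added example, not code from the advisory or the kernel project; the sample log is constructed, and its file paths, offsets, index value and array type are placeholders.

```python
import re

# Constructed kernel log excerpt (not from the advisory). Paths, offsets, the
# index value and the array type are placeholders; only the line shapes are real.
SAMPLE_LOG = """\
[    4.100100] ================================================================================
[    4.100200] UBSAN: array-index-out-of-bounds in ./path/placeholder.h:1:1
[    4.100300] index -1 is out of range for type 'int [8]'
[    4.100400] Call Trace:
[    4.100500]  megasas_probe_one+0x100/0x200 [megaraid_sas]
[    4.100600] ================================================================================
[    5.000000] ================================================================================
[    5.000100] UBSAN: shift-out-of-bounds in ./path/other_placeholder.c:2:2
[    5.000200] Call Trace:
[    5.000300]  unrelated_probe+0x1/0x2 [other_mod]
[    5.000400] ================================================================================
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s")            # dmesg timestamp prefix
HEAD = re.compile(r"UBSAN: (\S+) in (\S+)")       # report kind and source location
INDEX = re.compile(r"index (-?\d+) is out of range for type '([^']+)'")
MODULE = re.compile(r"\[(\w+)\]\s*$")             # "[module]" suffix on a trace frame

def ubsan_reports(log):
    """Split a kernel log into UBSAN reports: kind, location, index, modules."""
    reports, cur = [], None
    for raw in log.splitlines():
        line = TS.sub("", raw).strip()
        head = HEAD.search(line)
        if head:
            cur = {"kind": head.group(1), "where": head.group(2),
                   "index": None, "modules": set()}
            reports.append(cur)
        elif cur is None:
            continue                              # outside any report
        elif line.startswith("====="):
            cur = None                            # closing delimiter ends the report
        elif (m := INDEX.search(line)):
            cur["index"] = int(m.group(1))
        elif (m := MODULE.search(line)):
            cur["modules"].add(m.group(1))
    return reports

def megaraid_oob_reports(log):
    """Keep only out-of-bounds index reports with megaraid_sas in the call trace."""
    return [r for r in ubsan_reports(log)
            if r["kind"] == "array-index-out-of-bounds"
            and "megaraid_sas" in r["modules"]]
```

Only kernels built with UBSAN bounds checking emit these reports, so an empty result on a production kernel does not show that the access did not occur.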