Linux Kernel Comedi PCL726 Invalid IRQ Number Vulnerability

A vulnerability in the Linux kernel's Comedi PCL726 driver allows for out-of-bounds memory access by accepting invalid interrupt request (IRQ) numbers. The issue arises when an IRQ number larger than the maximum allowable value is passed, triggering an out-of-bounds condition. The vulnerability has been addressed by implementing a check to ensure that IRQ numbers are within a valid range before they are processed. This issue affects several versions of the Linux kernel, specifically versions 5.13 and later.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending an invalid IRQ number, such as 0x80008000, which exceeds the allowable range. This triggers an out-of-bounds memory access. The old driver code would skip requesting the IRQ if the number was invalid, but would still configure the device without interrupts, even if an error occurred when trying to request the IRQ.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the Linux kernel can be found in the official Linux kernel documentation.