Linux Kernel AD7173 ADC Driver Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's AD7173 ADC driver, in the handling of channel indices for the 'syscalib_mode' attribute. The address field is a 0-based index and is the value used to access the 'ad7173_channels' array. The channels field may not match that index, because it depends on the channel configuration specified in the device tree, and the mismatch can lead to out-of-bounds access. This vulnerability affects the Linux kernel stable tree.
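The mismatch described above can be shown with a small user-space model. This is an added example, not the driver's code: the struct, the helper names, the sample channel numbers and the assumption that the mismatched lookup indexes by the device tree channel number are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the two per-channel fields the advisory contrasts. */
struct chan_spec {
    int channel;           /* channel number from the device tree */
    unsigned long address; /* 0-based slot in the channels array */
};

#define NUM_CHANNELS 3

/* Constructed configuration: device tree numbers 0, 4, 7 in slots 0, 1, 2. */
static const struct chan_spec specs[NUM_CHANNELS] = {
    { .channel = 0, .address = 0 },
    { .channel = 4, .address = 1 },
    { .channel = 7, .address = 2 },
};

/* Per-channel state array, standing in for 'ad7173_channels'. */
static const int syscalib_mode[NUM_CHANNELS] = { 10, 11, 12 };

/* Assumed mismatched lookup: index taken from the device tree number. */
static size_t index_from_channel(const struct chan_spec *c) { return (size_t)c->channel; }

/* Lookup by the 0-based address, which matches the array layout. */
static size_t index_from_address(const struct chan_spec *c) { return (size_t)c->address; }

/* Bounds-checked read: 0 on success, -1 if idx is outside the array. */
static int get_syscalib_mode(size_t idx, int *out)
{
    if (idx >= NUM_CHANNELS)
        return -1;
    *out = syscalib_mode[idx];
    return 0;
}

int main(void)
{
    for (size_t i = 0; i < NUM_CHANNELS; i++) {
        int mode = -1;
        size_t bad = index_from_channel(&specs[i]);
        int rc = get_syscalib_mode(bad, &mode);
        printf("slot %zu: channel index %zu is %s; ", i, bad, rc ? "rejected" : "in range");
        get_syscalib_mode(index_from_address(&specs[i]), &mode);
        printf("address index gives mode %d\n", mode);
    }
    return 0;
}
```

Only the first slot happens to work with either field; for the other two, the device tree number exceeds the array length and the bounds check is the only thing standing between the lookup and memory outside the array.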

Impact

The vulnerability could lead to out-of-bounds access, which may cause memory corruption or allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by accessing the 'syscalib_mode' attribute in the AD7173 ADC driver. The driver will incorrectly use the channel index, leading to an out-of-bounds access in the 'ad7173_channels' array. This can be triggered by a device configuration that causes a mismatch between the channel address and the channels field, based on the device tree settings.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit fixing this issue is '0eb8d7b25397330beab8ee62c681975b79f37223', which is available in the Linux kernel stable tree.

Added: Sep 11, 2025, 5:49 PM
Updated: Sep 11, 2025, 5:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.