Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's Precision Time Protocol (PTP) subsystem stems from improper handling of the maximum virtual clocks parameter. The requested maximum can exceed what the memory allocation function 'kcalloc' can handle, potentially leading to memory-related errors. The flaw is in the PTP sysfs interface, specifically in the 'max_vclocks_store' function, which does not adequately validate its input before processing it.
The vulnerability could trigger a kernel warning, as reported by the syzbot fuzzer, indicating a problem in the PTP subsystem's handling of virtual clock parameters. This could potentially be exploited to cause a denial of service by triggering the warning condition, although such exploitation would need to be carefully crafted.
The vulnerability can be reproduced by writing a value to the 'max_vclocks' parameter in the PTP sysfs interface that exceeds what 'kcalloc' can allocate. This can be done by using the 'echo' command to send a large value to the 'max_vclocks' file, which is then processed by the 'max_vclocks_store' function. Because of the input validation flaw, the oversized value is accepted, causing the reported warning.
Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed by adding a proper upper limit on the maximum virtual clocks parameter, ensuring that it does not exceed what can be safely handled by the memory allocation functions.
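A userspace C model of the missing upper bound, added here as an illustration and not taken from the kernel source or the fix. The function names, the 4 MiB allocator limit and the cap derived from it are assumptions, and the lower-bound comparison against the current clock count is modelled in simplified form.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed stand-in for the allocator's largest single request (4 MiB);
 * the real limit depends on kernel configuration. */
#define MODEL_ALLOC_MAX ((size_t)4 << 20)
/* Hypothetical cap: largest element count whose int array still fits. */
#define MODEL_VCLOCKS_LIMIT (MODEL_ALLOC_MAX / sizeof(int))

/* Parse a decimal u32 as a sysfs store handler would; 0 on success. */
static int parse_u32(const char *buf, uint32_t *out)
{
    char *end;
    unsigned long long v;

    errno = 0;
    v = strtoull(buf, &end, 10);
    if (errno || end == buf || v > UINT32_MAX)
        return -EINVAL;
    if (*end == '\n')          /* sysfs writes usually end in a newline */
        end++;
    if (*end != '\0')
        return -EINVAL;
    *out = (uint32_t)v;
    return 0;
}

/* Model of the store path. Returns 0 when the array request fits,
 * -EINVAL when the input is rejected up front, and -ENOMEM when an
 * oversized request reaches the allocator (the condition behind the
 * reported warning). bounded=0 models the flawed path, 1 the fix. */
int model_max_vclocks_store(const char *buf, uint32_t n_vclocks, int bounded)
{
    uint32_t max;

    if (parse_u32(buf, &max))
        return -EINVAL;
    if (max < n_vclocks)                        /* lower bound only */
        return -EINVAL;
    if (bounded && max > MODEL_VCLOCKS_LIMIT)   /* added upper bound */
        return -EINVAL;
    if (max > MODEL_ALLOC_MAX / sizeof(int))    /* allocator refuses */
        return -ENOMEM;
    return 0;
}
```

With the upper bound in place, an oversized value is rejected as invalid input before any allocation is attempted, so the allocator never sees the request.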