Linux Kernel PCI Endpoint Test Array Underflow Vulnerability in IOCTL Handler

Vulnerability

An array underflow vulnerability has been identified in the Linux kernel's PCI endpoint test subsystem. This issue arises in the 'pci_endpoint_test_ioctl()' function, where the 'pci_barno' enumeration was modified to include a negative value, effectively changing its type from unsigned to signed. As a result, if a user inputs a negative number, it triggers an array underflow when the 'pci_endpoint_test_bar()' function is called. This vulnerability affects the Linux kernel stable tree.
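The effect of the signedness change on a bounds check, as an added example that is not the kernel's code: a user-space model showing why a check against only the upper bound stops rejecting negative input once the enum has a negative member. The enumerator and function names are assumptions, and the unsigned underlying type of the first enum is GCC/Clang behaviour (the C standard leaves it implementation-defined).

```c
#include <stdio.h>

/* Model of the enum before the change: no negative member, so GCC and
 * Clang give it an unsigned underlying type. Names are assumptions. */
enum old_barno { OLD_BAR_0, OLD_BAR_1, OLD_BAR_2, OLD_BAR_3, OLD_BAR_4, OLD_BAR_5 };

/* Model after the change: a negative member makes the type signed. */
enum new_barno { NO_BAR = -1, BAR_0, BAR_1, BAR_2, BAR_3, BAR_4, BAR_5 };

/* Upper-bound-only check on the unsigned enum: -1 wraps to a huge value
 * and is rejected. Returns 1 when the index is accepted. */
static int old_enum_upper_only(long arg)
{
    enum old_barno bar = (enum old_barno)arg;
    return !(bar > OLD_BAR_5);
}

/* Same check on the signed enum: -1 stays -1, is not > BAR_5, and is
 * accepted even though it is not a valid array index. */
static int new_enum_upper_only(long arg)
{
    enum new_barno bar = (enum new_barno)arg;
    return !(bar > BAR_5);
}

/* Hardened check: reject both ends before the value is used as an index. */
static int new_enum_both_bounds(long arg)
{
    enum new_barno bar = (enum new_barno)arg;
    return !(bar <= NO_BAR || bar > BAR_5);
}

int main(void)
{
    long samples[] = { -1, 0, 5, 6 };   /* constructed inputs */
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("arg=%2ld old/upper=%d new/upper=%d new/both=%d\n",
               samples[i], old_enum_upper_only(samples[i]),
               new_enum_upper_only(samples[i]),
               new_enum_both_bounds(samples[i]));
    return 0;
}
```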

Impact

Exploitation of this vulnerability results in an array underflow, in which memory before the start of the array is accessed. This can potentially lead to memory corruption or other unintended behavior.

Reproduction

The vulnerability can be reproduced by sending a negative value to the 'pci_endpoint_test_ioctl()' function. This can be done by invoking the PCI endpoint test IOCTL command with a negative argument, which will cause the function to attempt to access an array index that does not exist, leading to an underflow.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit that addresses this issue is '1ad82f9db13d85667366044acdfb02009d576c5a', which is available in the Linux kernel stable tree.

Added: Nov 12, 2025, 12:15 PM
Updated: Nov 12, 2025, 5:57 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.