Linux Kernel Out-of-Bounds Write Vulnerability in USB Storage Driver for SDR55 Devices

Vulnerability

A vulnerability in the Linux kernel's USB storage driver for SDR55 devices allows for out-of-bounds writes that can corrupt heap memory. This issue arises because a malicious device can report block addresses exceeding the actual capacity, causing the driver to access invalid memory regions. The vulnerability has been addressed by implementing checks to reject these out-of-bounds block addresses before they can be processed.
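The check described above, as an added illustration in C that is not the kernel driver's own code: a simplified model in which a heap table is sized from the reported capacity and a device-supplied block address is validated before it is used as an index. The names block_map, map_update and replay_status and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model of a driver's block map; names are not the kernel's. */
struct block_map {
    uint16_t *pba_to_lba;  /* one heap entry per physical block */
    size_t    num_blocks;  /* derived from the capacity the device reported */
};

static int map_init(struct block_map *m, size_t num_blocks)
{
    m->pba_to_lba = calloc(num_blocks, sizeof(*m->pba_to_lba));
    if (!m->pba_to_lba)
        return -1;
    m->num_blocks = num_blocks;
    return 0;
}

/* new_pba comes from the device's status packet and is untrusted. */
static int map_update(struct block_map *m, uint32_t new_pba, uint16_t lba)
{
    /* The fix: reject an index past the table before any write happens.
     * Without this test the store below lands outside the allocation. */
    if (new_pba >= m->num_blocks)
        return -1;
    m->pba_to_lba[new_pba] = lba;
    return 0;
}

/* Replay one constructed status value against a table of num_blocks.
 * Returns 0 if accepted, -1 if rejected, -2 on setup failure. */
int replay_status(size_t num_blocks, uint32_t new_pba)
{
    struct block_map m;
    int rc;
    if (num_blocks == 0 || map_init(&m, num_blocks) != 0)
        return -2;
    rc = map_update(&m, new_pba, 7);
    if (rc == 0 && m.pba_to_lba[new_pba] != 7)
        rc = -3;
    free(m.pba_to_lba);
    return rc;
}

int main(void) { return replay_status(1024, 1024) == -1 ? 0 : 1; }
```

The comparison uses `>=` because valid indices run from 0 to num_blocks - 1, so an address equal to the block count is already out of range.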

Impact

Exploitation of this vulnerability could lead to memory corruption, potentially allowing for arbitrary code execution or causing a denial-of-service condition by crashing the system.

Reproduction

To reproduce this vulnerability, connect a bogus USB storage device that reports block addresses beyond the allowed limit based on its capacity. The device's status packet will then cause the driver to access invalid memory, leading to corruption.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.

Added: Dec 12, 2025, 6:20 PM
Updated: Dec 12, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.