Linux Kernel Microchip EIC IRQ Domain Error Code Handling Vulnerability

A vulnerability exists in the Linux kernel's handling of the Microchip External Interrupt Controller (EIC) within the IRQ chip subsystem. The issue arises in the 'mchp_eic_domain_alloc' function, where the 'irq_domain_translate_twocell' function can return a hardware interrupt (hwirq) value that is out of bounds, specifically 2 or greater. This out-of-bounds access occurs because, while the code checks for invalid hwirq values, it fails to properly set an error code for these cases. Instead, it incorrectly returns a success status. The vulnerability has been addressed by modifying the error handling to return an appropriate error code, -EINVAL, when an invalid hwirq value is detected.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing undefined behavior such as memory corruption or application crashes.

Reproduction

The vulnerability can be reproduced by invoking the 'mchp_eic_domain_alloc' function with a configuration that causes the 'irq_domain_translate_twocell' function to return a hardware interrupt value of 2 or greater. This will trigger the out-of-bounds access due to the invalid interrupt value not being properly handled.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.