Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's Exynos clock driver, specifically in the handling of the 'struct clk_hw_onecell_data' structure. The issue arises because the 'hws' member, which is annotated with '__counted_by' to inform the bounds sanitizer about the number of elements, is accessed before its count is properly initialized. This out-of-bounds access triggers a warning from the bounds sanitizer. The vulnerability is present in the Linux kernel stable tree.
Triggering this vulnerability leads to an out-of-bounds array access, which can potentially be exploited to cause undefined behavior in the kernel, such as memory corruption.
The vulnerability can be reproduced by loading the Exynos clock driver in a Linux kernel environment. The 'exynos_clkout_probe' function will be executed, where the 'data.num' field is assigned after the 'hws' array has been accessed. This sequence of operations causes the bounds sanitizer to issue a warning about the out-of-bounds access, indicating that the first index of the 'hws' array was accessed before the array's size was properly initialized.
The vulnerability has been addressed by modifying the 'exynos_clkout_probe' function to initialize the 'data.num' field before accessing the 'hws' array. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
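A userspace model of the ordering problem described above, added here as an illustration and not taken from the kernel driver or its patch. `struct onecell_model`, `checked_store` and `run_probe` are hypothetical names, and the explicit index check stands in for what the bounds sanitizer does with the count named by '__counted_by'.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for a counted flexible-array struct (hypothetical names). */
struct onecell_model {
    unsigned int num;   /* element count the checker trusts */
    void *hws[];        /* the kernel struct annotates this with __counted_by(num) */
};

static unsigned int violations; /* accesses the model check flagged */

/* Model of the sanitizer check: idx is compared with num at access time. */
static void checked_store(struct onecell_model *d, unsigned int idx, void *val)
{
    if (idx >= d->num)
        violations++;   /* a bounds sanitizer would warn at this point */
    d->hws[idx] = val;  /* in this model the storage is large enough in both orders */
}

/* Fill n slots; count_first selects the fixed (1) or the flagged (0) order. */
unsigned int run_probe(unsigned int n, int count_first)
{
    static int dummy_clk;
    /* Assumption: zeroing allocation, so num reads 0 until it is assigned. */
    struct onecell_model *d = calloc(1, sizeof(*d) + n * sizeof(d->hws[0]));

    if (!d)
        return (unsigned int)-1;
    violations = 0;
    if (count_first)
        d->num = n;     /* fixed order: count is valid before any element access */
    for (unsigned int i = 0; i < n; i++)
        checked_store(d, i, &dummy_clk);
    d->num = n;         /* flagged order: count only becomes valid here */
    free(d);
    return violations;
}

int main(void)
{
    printf("count assigned last:  %u flagged accesses\n", run_probe(4, 0));
    printf("count assigned first: %u flagged accesses\n", run_probe(4, 1));
    return 0;
}
```

With the count assigned last, every store is checked against a count of zero, so the very first index is already flagged; assigning the count first makes the same stores pass the check.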