Zephyr ATAES132A Crypto Driver Stack Buffer Overflow Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Zephyr crypto driver for the ATAES132A device, specifically in version 4.3.x. The issue arises when the driver processes malformed responses from the ATAES132A with an oversized length field. This flaw allows a compromised device or an attacker with access to the I²C bus to overflow a 52-byte stack buffer, corrupting kernel memory and potentially hijacking execution.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing kernel memory corruption. This could disrupt system operations or allow for unauthorized code execution within the kernel.

Reproduction

The vulnerability can be reproduced by building and running an ASAN (AddressSanitizer) harness that includes the unmodified ATAES132A crypto driver. The harness should stub a malicious device response that exploits the buffer overflow. When the forged response is processed, the ASAN output will indicate a stack-buffer-overflow error, confirming the vulnerability.
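The defensive pattern for this bug class, as an added example that is not the Zephyr driver's code: the length a device reports is checked against the destination size before any copy, and a stubbed bus feeds in constructed frames. The framing (first byte is the total frame length) and the names fake_bus, bus_read, read_response and check_frame are assumptions made for illustration; only the 52-byte buffer size comes from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RESP_BUF_SIZE 52 /* stack buffer size named in the advisory */
#define RESP_MIN_LEN 2   /* assumption: length byte plus one status byte */

/* Constructed stand-in for the I2C bus: replays a canned device frame. */
struct fake_bus { const uint8_t *frame; size_t frame_len, pos; };

static int bus_read(struct fake_bus *bus, uint8_t *dst, size_t n)
{
    if (n > bus->frame_len - bus->pos) return -1; /* device sent less than asked */
    memcpy(dst, bus->frame + bus->pos, n);
    bus->pos += n;
    return 0;
}

/* Unchecked pattern, for contrast only: read one length byte, then read
 * (length - 1) more bytes into the buffer with no bound on that length.
 * Hardened read below: returns the frame length, or -1 if rejected. */
int read_response(struct fake_bus *bus, uint8_t *out, size_t out_size)
{
    uint8_t len;
    if (out_size < RESP_MIN_LEN || bus_read(bus, &len, 1) != 0) return -1;
    if (len < RESP_MIN_LEN || len > out_size) return -1; /* bound before copy */
    out[0] = len;
    return bus_read(bus, &out[1], (size_t)len - 1) == 0 ? (int)len : -1;
}

/* Feed a frame whose first byte claims `claimed` bytes while `sent` bytes are
 * on the bus; returns -2 if the guard bytes around the buffer changed. */
int check_frame(uint8_t claimed, size_t sent)
{
    uint8_t frame[256] = { claimed };
    struct { uint8_t pre[8], buf[RESP_BUF_SIZE], post[8]; } s;
    struct fake_bus bus = { frame, sent, 0 };
    memset(&s, 0xA5, sizeof(s));
    int rc = read_response(&bus, s.buf, sizeof(s.buf));
    for (size_t i = 0; i < 8; i++)
        if (s.pre[i] != 0xA5 || s.post[i] != 0xA5) return -2;
    return rc;
}

int main(void)
{
    printf("%d %d %d %d\n", check_frame(4, 4), check_frame(52, 52), check_frame(200, 200), check_frame(16, 2));
    return 0;
}
```

Building this with -fsanitize=address gives a regression check in the same style as the harness described above: the oversized and truncated frames are rejected without a sanitizer report.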

Added: Mar 16, 2026, 2:33 PM
Updated: Mar 16, 2026, 2:33 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 7.5
exploitability: 5.0
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.