Zephyr Project Buffer Overflow Vulnerability in eswifi Socket Offload Driver

Vulnerability

A buffer overflow vulnerability has been identified in the eswifi socket offload driver of the Zephyr Project, in versions through 4.3. The driver copies user-supplied payloads into a fixed buffer without validating the available space, so oversized data overflows the buffer and corrupts kernel memory. The vulnerability is classified as CWE-120. It can be exploited by local code that invokes the socket send API; it does not provide remote network entry.

Impact

Exploitation of this vulnerability overflows the driver's staging buffer and can corrupt kernel memory. This could cause a denial-of-service or, in some cases, allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building and running an application that uses the eswifi socket offload driver. The application should send an oversized payload through the socket send API, which will trigger the buffer overflow by exceeding the allocated buffer size and overwriting adjacent memory.

Remediation

Users can apply the patch available in the Zephyr Project GitHub repository, specifically in pull request #102119.
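
The missing space validation described above, shown as an added example next to a checked form. This is a model of the CWE-120 pattern, not the eswifi driver's code and not the patch from the pull request; the struct, function names, the "SEND=" header and the 64-byte buffer size are all hypothetical.

```c
/* Added model of the bug class; not Zephyr's eswifi code. Names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define STAGE_SIZE 64          /* constructed size for the demo */

struct stage {
    char buf[STAGE_SIZE];      /* fixed staging buffer: header + payload */
    unsigned char guard[8];    /* stands in for adjacent memory */
};

static void stage_init(struct stage *s) { memset(s, 0xA5, sizeof(*s)); }
static int guard_intact(const struct stage *s)
{
    for (size_t i = 0; i < sizeof(s->guard); i++)
        if (s->guard[i] != 0xA5) return 0;
    return 1;
}

/* Unchecked pattern: len is never compared with the space left after the
 * header, so any len > STAGE_SIZE - hdr writes past buf. */
static int stage_send_unchecked(struct stage *s, const void *data, size_t len)
{
    int hdr = snprintf(s->buf, sizeof(s->buf), "SEND=%zu\r", len);
    memcpy(s->buf + hdr, data, len);
    return hdr + (int)len;
}

/* Hardened form: reject the request before copying the payload. */
static int stage_send_checked(struct stage *s, const void *data, size_t len)
{
    int hdr = snprintf(s->buf, sizeof(s->buf), "SEND=%zu\r", len);
    if (hdr < 0 || (size_t)hdr >= sizeof(s->buf))
        return -ENOMEM;                      /* header alone does not fit */
    if (len > sizeof(s->buf) - (size_t)hdr)  /* cannot wrap: hdr < size */
        return -EMSGSIZE;
    memcpy(s->buf + hdr, data, len);
    return hdr + (int)len;
}

int main(void)
{
    struct stage s;
    char payload[200] = {0};   /* constructed oversized payload */
    stage_init(&s);
    printf("fits: %d\n", stage_send_unchecked(&s, payload, 16));
    printf("oversized: %d\n", stage_send_checked(&s, payload, sizeof(payload)));
    return guard_intact(&s) ? 0 : 1;
}
```

The check subtracts the header length from the buffer size rather than adding it to the payload length, so a very large `len` cannot wrap the comparison.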

Added: Mar 28, 2026, 12:18 AM
Updated: Mar 28, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 7.5
exploitability: 4.0
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.