Linux Kernel Out-of-Bounds Write Vulnerability in AD3552R-HS DAC Driver

A vulnerability allowing out-of-bounds write has been identified in the Linux kernel's AD3552R-HS digital-to-analog converter (DAC) driver. This issue arises in the 'ad3552r_hs_write_data_source' function, where the 'count' parameter is incorrectly used to null-terminate a buffer. Instead of using the actual number of bytes copied, the code relies on 'count', which can exceed the buffer size, leading to a stack-based out-of-bounds write. The vulnerability was discovered through static analysis and can be reproduced by writing excessive data to the device node, causing the buffer overflow to be reported by the Kernel Address Sanitizer (KASAN).

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by opening the device node for the AD3552R-HS DAC driver and writing 128 bytes of data to it. This exceeds the buffer limit, causing an overflow that the Kernel Address Sanitizer (KASAN) detects.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the Linux Kernel Archives.