Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's DPAA2 switch driver can lead to an out-of-bounds read. The issue arises in the IRQ handler, which extracts the interface ID (if_id) from the hardware status register. This if_id is then used to index into the ports array without proper validation. Since if_id can be any 16-bit value, but the ports array is only allocated with a limited number of elements, this lack of validation can result in accessing invalid memory locations. The vulnerability has been addressed by adding a bounds check before accessing the array, aligning with existing validation in the DPAA2 switch receive function.
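The bounds check described above, as an added example in user-space C. It is not the kernel driver's code: the struct and function names, the `IF_ID_SHIFT` layout (if_id assumed to sit in the upper 16 bits of a 32-bit status word) and the 4-port sample are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model. All names and the register layout are
 * assumptions for illustration, not the driver's own definitions. */
#define IF_ID_SHIFT 16          /* assumed: if_id in the upper 16 bits */

struct port { int link_events; };
struct sw {
    uint16_t num_ifs;           /* elements allocated in ports[] */
    struct port **ports;
};

/* Checked lookup: reject the ID before it is ever used as an index.
 * Without the comparison, any if_id >= num_ifs reads past ports[]. */
static struct port *port_from_status(const struct sw *sw, uint32_t status)
{
    uint16_t if_id = (uint16_t)(status >> IF_ID_SHIFT);
    if (if_id >= sw->num_ifs)
        return NULL;
    return sw->ports[if_id];
}

/* Handler body: 0 when the event was handled, -1 when it was rejected. */
static int handle_link_irq(const struct sw *sw, uint32_t status)
{
    struct port *p = port_from_status(sw, status);
    if (!p)
        return -1;
    p->link_events++;
    return 0;
}

/* Constructed sample: a 4-port switch fed a single status word. */
static int demo(uint32_t status)
{
    static struct port st[4];
    static struct port *ports[4] = { &st[0], &st[1], &st[2], &st[3] };
    struct sw sw = { .num_ifs = 4, .ports = ports };
    return handle_link_irq(&sw, status);
}

int main(void)
{
    printf("if_id 3: %d\n", demo(0x00030001u));  /* last valid index */
    printf("if_id 4: %d\n", demo(0x00040001u));  /* first invalid index */
    return 0;
}
```

The comparison uses `>=` because valid indices run from 0 to `num_ifs - 1`; an off-by-one `>` would still let the first out-of-range ID through.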
Exploitation of this vulnerability can lead to unauthorized memory access, potentially allowing for information disclosure or manipulation.
The vulnerability can be reproduced by triggering an IRQ event that includes an if_id value exceeding the allocated ports array size. This can be done by manipulating the hardware status register to send an invalid if_id to the IRQ handler.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.