Linux Kernel Out-of-Bounds Read Vulnerability in DVB Network Component

A vulnerability has been identified in the Linux kernel's handling of Universal Link Extension (ULE) headers within the Digital Video Broadcasting (DVB) network component. The issue arises because the extension header tables are indexed by data that can be controlled over the network, leading to an out-of-bounds read of a function pointer table. This could potentially allow the out-of-bounds value to be executed as a function pointer, creating a security risk.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution by allowing an out-of-bounds value to be called as a function pointer, potentially executing malicious code with the privileges of the kernel.

Reproduction

The vulnerability can be reproduced by sending a ULE header with an 'htype' value of 255, which will trigger the out-of-bounds read on the function pointer tables. This can be done by manipulating the 'ule_sndu_type' field in a way that the 'htype' index exceeds the valid range, specifically targeting the DVB network component.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.