Linux Kernel Out-of-Bounds Write Vulnerability in MACB Ethernet Driver

A memory corruption vulnerability has been identified in the Linux kernel's MACB Ethernet driver. This issue arises from an out-of-bounds write in the 'gem_get_ethtool_stats' function, which is part of the MACB driver. The vulnerability occurs because the function incorrectly uses the maximum number of queues to copy statistics data, leading to a mismatch between the allocated memory and the actual data being written. This flaw was detected using the Kernel Address Sanitizer (KASAN), which reported a 'vmalloc-out-of-bounds' error. The issue affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a memory corruption error, specifically an out-of-bounds write, which can lead to undefined behavior such as data corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the 'ethtool' command to request statistics from a network device that uses the MACB driver. The 'gem_get_ethtool_stats' function will be called, and if the number of active queues is less than the maximum, an out-of-bounds write will occur.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.