Linux Kernel Zynqmp NVMEM Buffer Size Vulnerability in DMA Operations

Vulnerability

A vulnerability exists in the Linux kernel's handling of buffer sizes within the Zynqmp NVMEM driver. The driver allocates buffers of the wrong size for Direct Memory Access (DMA) operations and for the memory-copy functions that operate on them. Because the DMA engine and the copy routines transfer more data than the undersized buffer holds, the result can be memory corruption. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability can result in memory corruption caused by the mismatch between the allocated DMA buffer size and the amount of data transferred, leading to potential instability or unpredictable behavior in the system.

Reproduction

The vulnerability can be reproduced by accessing the eFUSE through the Zynqmp NVMEM driver, which triggers the incorrect DMA buffer size allocation. Writing to the eFUSE PUF (Physically Unclonable Function) offsets initiates a DMA operation with the undersized buffer, causing the memory corruption.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: May 1, 2026, 4:44 PM
Updated: May 1, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           9.0
impact           7.5
exploitability   4.3
remediation      7.7
relevance        7.2
threat           4.8
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.