Linux Kernel Comedi ME-DAQ Driver Firmware Buffer Overrun Vulnerability

A buffer overrun vulnerability has been identified in the Linux kernel's Comedi ME-DAQ driver. The issue arises in the 'me2600_xilinx_download()' function, which loads firmware requested by 'request_firmware()'. The function does not properly validate the firmware file format, allowing it to overrun the source buffer. It reads the data stream length from the first four bytes into a variable and then reads the data stream contents from offset 16 onwards. While there is a check to ensure the firmware is at least 16 bytes long, it fails to verify that it is sufficiently long to include the entire data stream. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a buffer overrun, which may cause memory corruption or allow for arbitrary code execution.

Reproduction

To reproduce this vulnerability, load a firmware file that is not properly formatted or is shorter than required into the Comedi ME-DAQ driver. The 'me2600_xilinx_download()' function will attempt to read the firmware, leading to a buffer overrun.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.