Linux Kernel ST LSM6DSX Buffer Sampling Frequency Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ST LSM6DSX IMU driver allows for out-of-bounds access when setting buffer sampling frequencies for certain sensor types. The issue arises because the driver expects only accelerometer or gyroscope data, but the buffer frequency attribute can be incorrectly applied to other sensor types, leading to invalid memory access. This vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption or potentially allow for arbitrary code execution.

Reproduction

To reproduce this vulnerability, write a buffer sampling frequency to the sysfs attribute for a sensor type other than the accelerometer or gyroscope. This triggers the st_lsm6dsx_hwfifo_odr_store() function, which indexes the odr_table array out of bounds, causing an invalid memory access.
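A simplified userspace model of the indexing flaw described above, added here as an example; it is not the kernel driver's code. The enum, table contents and function names are hypothetical, and the guarded lookup shows one defensive pattern, not necessarily the upstream fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sensor ids: only the first two have an ODR table. */
enum sensor_id { ID_GYRO, ID_ACC, ID_EXT0, ID_EXT1, ID_MAX };

struct odr_entry { uint32_t milli_hz; uint8_t reg_val; };
struct odr_table { struct odr_entry e[3]; size_t len; };

/* Constructed sample data: one table each for gyro and accel, nothing else. */
static const struct odr_table odr_tables[2] = {
    [ID_GYRO] = { { {12500, 1}, {26000, 2}, {52000, 3} }, 3 },
    [ID_ACC]  = { { {12500, 1}, {26000, 2}, {52000, 3} }, 3 },
};

#define N_TABLES (sizeof(odr_tables) / sizeof(odr_tables[0]))

/* Flawed pattern: trusts that id is always GYRO or ACC.
 * With id == ID_EXT0 this reads past odr_tables (undefined behaviour). */
int check_odr_unchecked(enum sensor_id id, uint32_t odr, uint8_t *val)
{
    const struct odr_table *t = &odr_tables[id];
    for (size_t i = 0; i < t->len; i++) {
        if (t->e[i].milli_hz >= odr) { *val = t->e[i].reg_val; return 0; }
    }
    return -EINVAL;
}

/* Guarded pattern: reject ids that have no table before indexing. */
int check_odr_checked(enum sensor_id id, uint32_t odr, uint8_t *val)
{
    if ((size_t)id >= N_TABLES)
        return -EINVAL;
    return check_odr_unchecked(id, odr, val);
}

int main(void)
{
    uint8_t v = 0;
    printf("acc:  %d\n", check_odr_checked(ID_ACC, 20000, &v));
    printf("ext0: %d\n", check_odr_checked(ID_EXT0, 20000, &v));
    return 0;
}
```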

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.

Added: May 1, 2026, 4:25 PM
Updated: May 1, 2026, 4:25 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.