OpenAMP Integer Overflow Vulnerability in ELF Loader Allows Memory Corruption
Vulnerability
An integer overflow vulnerability has been identified in the OpenAMP ELF loader, version 2025.10.0. The issue arises while parsing firmware images: the loader multiplies two 16-bit values from the ELF header without checking for overflow. On 32-bit embedded targets such as STM32MP1, Zynq, and i.MX, a large product can wrap to a small value, so a crafted ELF image can overwrite host memory and corrupt it.
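As an added illustration (constructed here, not OpenAMP's code), the pattern the advisory describes beside the check that closes it: a table-size computation from two 16-bit header fields done in a 32-bit size type, which can wrap, next to the same computation carried out in a 64-bit intermediate. The field names offset, entsize and num, and the surrounding bounds check against the image length, are assumptions about the loader's logic, not identifiers taken from the project.

```c
#include <stdbool.h>
#include <stdint.h>

/*
 * Constructed model of an ELF table bounds check on a 32-bit target.
 * offset stands for the table's file offset, entsize and num for two
 * 16-bit header fields (entry size and entry count). The names and the
 * shape of the check are assumptions, not OpenAMP's code.
 */

/* Unchecked form: every operation runs in the target's 32-bit size type.
   offset + entsize * num can wrap modulo 2^32 to a small number, so the
   comparison passes for a table that lies far outside the image. */
bool table_fits_unchecked(uint32_t offset, uint16_t entsize, uint16_t num,
                          uint32_t image_len)
{
    uint32_t table_bytes = (uint32_t)entsize * (uint32_t)num;
    uint32_t end = offset + table_bytes;   /* may wrap on a 32-bit target */
    return end <= image_len;
}

/* Hardened form: widen to 64 bits before multiplying and adding. With
   32-bit and 16-bit operands the 64-bit result cannot overflow, so the
   comparison sees the true end of the table. */
bool table_fits_checked(uint32_t offset, uint16_t entsize, uint16_t num,
                        uint32_t image_len)
{
    uint64_t end = (uint64_t)offset + (uint64_t)entsize * (uint64_t)num;
    return end <= (uint64_t)image_len;
}

/* Convenience wrapper: does the checked form reject a header the
   unchecked form would accept? Returns true when they disagree. */
bool check_catches_wrap(uint32_t offset, uint16_t entsize, uint16_t num,
                        uint32_t image_len)
{
    return table_fits_unchecked(offset, entsize, num, image_len) &&
           !table_fits_checked(offset, entsize, num, image_len);
}
```

The constructed inputs in the accompanying assertions (offset 0xFFFF0000, 256 entries of 512 bytes, a 128 KiB image) make the 32-bit sum wrap to 0x10000, which the unchecked form accepts and the widened form rejects.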
Impact
Exploitation of this vulnerability corrupts host memory, potentially leading to arbitrary code execution or a crash.
Reproduction
The vulnerability can be reproduced by loading a specially crafted ELF file into the OpenAMP ELF loader. The file's header must contain values that, when multiplied, exceed the maximum of a 16-bit integer and overflow; this is achieved by placing large values in the ELF file's load segment that wrap around when the loader processes them.
