Linux Kernel TPS53679 Driver Out-of-Bounds Read Vulnerability

A vulnerability has been identified in the Linux kernel's TPS53679 hardware monitoring driver. The issue arises in the 'tps53679_identify_chip' function, where the 'i2c_smbus_read_block_data' function can return a zero-length read. This condition is not properly handled, leading to an out-of-bounds read from the buffer. The vulnerability has been addressed by modifying the length check to treat zero-length reads as an error, preventing the invalid array access.

Impact

The vulnerability could lead to out-of-bounds memory access, potentially causing undefined behavior or memory corruption.

Reproduction

The vulnerability can be reproduced by using the TPS53679 driver in a scenario where the 'i2c_smbus_read_block_data' function returns the value of 0, indicating a zero-length read. This can be done by interfacing with a device that responds with an empty data block, which will trigger the flawed buffer handling in the 'tps53679_identify_chip' function.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is '0e211f6aaa6a00fd0ee0c1eea5498f168c6725e6', which is included in the official Linux kernel repository.