Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's iwlwifi wireless driver, specifically in the parsing of shared memory for the 22000 series. The issue arises when the firmware incorrectly reports three Logical MAC (LMAC) entries, leading to an array overrun. This vulnerability affects the stable version of the Linux kernel.
Exploitation of this vulnerability could lead to a buffer overrun, potentially allowing for arbitrary code execution or causing a denial-of-service condition by crashing the system.
The vulnerability can be reproduced by using a firmware version that reports three LMACs in the shared memory configuration, despite the hardware only supporting two. This discrepancy will trigger the array overrun by accessing an out-of-bounds index.
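The class of check that prevents this overrun, as an added example that is not the kernel's iwlwifi code: a firmware-reported entry count is validated against the size of the destination array before it is used as a loop bound. The struct layouts, field names, `parse_smem` and `demo_parse` are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LMACS 2 /* the hardware supports at most two LMACs */

/* Hypothetical firmware response layout (host byte order for simplicity). */
struct fw_lmac_entry { uint32_t txfifo_size, rxfifo_size; };
struct fw_smem_resp {
    uint32_t lmac_num;            /* count reported by firmware: untrusted */
    struct fw_lmac_entry lmac[3]; /* wire format can carry a bogus third entry */
};

/* Driver-side state, sized for what the hardware can actually have. */
struct smem_cfg {
    uint32_t num_lmacs;
    struct fw_lmac_entry lmac[MAX_LMACS];
};

/* Returns 0 on success, -1 on a truncated response or out-of-range count.
 * On failure cfg is left untouched. */
int parse_smem(const uint8_t *buf, size_t len, struct smem_cfg *cfg)
{
    struct fw_smem_resp resp;

    if (len < sizeof(resp))
        return -1;
    memcpy(&resp, buf, sizeof(resp));
    /* Without this check, lmac_num == 3 would write cfg->lmac[2],
     * one element past the end of the array. */
    if (resp.lmac_num > MAX_LMACS)
        return -1;
    for (uint32_t i = 0; i < resp.lmac_num; i++)
        cfg->lmac[i] = resp.lmac[i];
    cfg->num_lmacs = resp.lmac_num;
    return 0;
}

/* Builds a constructed response claiming `reported` LMACs and parses it. */
int demo_parse(uint32_t reported, struct smem_cfg *cfg)
{
    struct fw_smem_resp resp = { .lmac_num = reported };
    for (uint32_t i = 0; i < 3; i++)
        resp.lmac[i].txfifo_size = 0x100 * (i + 1);
    return parse_smem((const uint8_t *)&resp, sizeof(resp), cfg);
}

int main(void)
{
    struct smem_cfg cfg = {0};
    printf("2 LMACs: %d, 3 LMACs: %d\n", demo_parse(2, &cfg), demo_parse(3, &cfg));
    return 0;
}
```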
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.