Linux Kernel Stack Buffer Overflow Vulnerability in Q54SJ108A2 Debugfs Read Function

A stack buffer overflow vulnerability has been identified in the Linux kernel's hardware monitoring (hwmon) subsystem, specifically within the PMBus driver for the Q54SJ108A2 power supply controller. The issue arises in the 'q54sj108a2_debugfs_read' function, where incorrect argument handling in the 'bin2hex()' function leads to a buffer overflow. The vulnerability allows for 30 bytes of data to be written past the allocated buffer size, potentially overwriting stack memory and causing undefined behavior.

Impact

Exploitation of this vulnerability leads to a stack buffer overflow, where data is written beyond the allocated memory buffer. This can overwrite adjacent memory on the stack, potentially leading to arbitrary code execution or causing a program crash.

Reproduction

The vulnerability can be reproduced by reading from the debugfs interface of the Q54SJ108A2 PMBus driver. The 'q54sj108a2_debugfs_read' function will incorrectly process the data, causing a buffer overflow by writing 30 extra bytes onto the stack.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux kernel Git repository. Instructions for downloading the latest stable version can be found on the Linux kernel website.