Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
An array overflow vulnerability has been identified in the Linux kernel's QCOM LED driver. When high-resolution values are selected, the driver uses the FIELD_GET() macro to pull an index from a 3-bit register field and reads an array with it. A 3-bit field can hold the values 0 through 7, but the array contains only five values, so an index of 5 or more reads random data past the end of the array. Although the hardware is likely functioning correctly, the driver needs a proper check to prevent the overflow and ensure that only valid data is read before configuring chip values.
Exploitation of this vulnerability could lead to undefined behavior by allowing out-of-bounds memory access, potentially overwriting critical data or causing a crash.
The vulnerability can be reproduced by selecting high-resolution values in the QCOM LED driver. The FIELD_GET() macro pulls data from a 3-bit register field, which can index beyond the bounds of an array with only five values, leading to an overflow. This can be triggered when the register field selected by PWM_CLK_SELECT_HI_RES_MASK holds a value that exceeds the array's limits.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
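The kind of bounds check this issue calls for, as an added user-space example in C (not the kernel driver's code or the upstream patch). The table contents, the names `hi_res_clk_rates`, `field_get` and `hi_res_clk_lookup`, and the placement of the 3-bit field in bits [2:0] are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Assumption: the 3-bit select field occupies bits [2:0] of the register. */
#define PWM_CLK_SELECT_HI_RES_MASK 0x07u

/* Constructed five-entry table standing in for the driver's array. */
static const unsigned int hi_res_clk_rates[] = {
	0, 1024, 32768, 19200000, 76800000
};

/* User-space stand-in for FIELD_GET(): mask, then shift down to bit 0. */
static unsigned int field_get(uint32_t mask, uint32_t val)
{
	return (val & mask) / (mask & (~mask + 1u));
}

/*
 * Checked lookup: a 3-bit field yields 0..7, the table serves 0..4.
 * Returns 0 and stores the rate, or -EINVAL for field values 5..7
 * instead of reading past the end of the table.
 */
static int hi_res_clk_lookup(uint32_t reg, unsigned int *rate)
{
	unsigned int idx = field_get(PWM_CLK_SELECT_HI_RES_MASK, reg);

	if (idx >= ARRAY_SIZE(hi_res_clk_rates))
		return -EINVAL;

	*rate = hi_res_clk_rates[idx];
	return 0;
}

int main(void)
{
	/* Walk every value the field can hold; upper register bits are noise. */
	for (uint32_t field = 0; field < 8; field++) {
		unsigned int rate = 0;
		int ret = hi_res_clk_lookup(0xA0u | field, &rate);

		if (ret)
			printf("field %u: rejected (%d)\n", (unsigned)field, ret);
		else
			printf("field %u: rate %u\n", (unsigned)field, rate);
	}
	return 0;
}
```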