Linux Kernel Greybus gb-Beagleplay Bootloader Buffer Overflow Vulnerability

A buffer overflow vulnerability has been addressed in the Linux kernel's Greybus gb-Beagleplay component. The issue arises in the cc1352_bootloader_rx() function, which improperly handles incoming data chunks from the serdev interface. The function appends each chunk to a fixed receive buffer without adequately checking if the incoming data fits within the available space. This oversight can lead to buffer overflow by allowing leftover bytes from previous callbacks to be combined with new data, exceeding the buffer's capacity. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, which may be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending oversized data chunks to the cc1352_bootloader_rx() function in the Greybus gb-Beagleplay component. The function will append the data to the fixed receive buffer without proper validation, causing an overflow.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.