Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()Before calling lan743x_ptp_io_event_clock_get(), the 'channel' valueis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).This seems correct and aligns with the PTP interrupt status register(PTP_INT_STS) specifications.However, lan743x_ptp_io_event_clock_get() writes to ptp->extts[] withonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index: lan743x_ptp_io_event_clock_get(..., u8 channel,...) { ... /* Update Local timestamp */ extts = &ptp->extts[channel]; extts->ts.tv_sec = sec; ... }To avoid an out-of-bounds write and utilize all the supported GPIOinputs, set LAN743X_PTP_N_EXTTS to 8.Detected using the static analysis tool - Svace.
No PoCs from references.
- https://github.com/w4zu/Debian_security