CVE-2022-50623

Vulnerability

In the Linux kernel, the dfl_feature_ioctl_set_irq() function in the FPGA DFL (Device Feature List) subsystem contains an integer overflow vulnerability. The multiplication hdr.count * sizeof(s32) can overflow on 32-bit systems, potentially leading to memory corruption [1].

Exploitation

An attacker with the ability to invoke the affected ioctl on a DFL device can trigger the overflow by providing a large hdr.count value. The overflow occurs during the calculation of the size for a memory allocation, which may result in a smaller buffer than required, leading to out-of-bounds writes [2].

Impact

Successful exploitation could allow an attacker to corrupt kernel memory, potentially leading to privilege escalation or system crash. The vulnerability is specific to 32-bit architectures where the multiplication overflow is possible.

Mitigation

The fix uses the array_size() helper to safely compute the allocation size, preventing the overflow. The patch has been applied to the stable kernel tree [1][2]. Users should update to a patched kernel version.