CVE-2023-54222

Vulnerability

Description

In the Linux kernel, the tegra_hte_map_to_line_id() function in the Tegra194 HTE (Hardware Timestamping Engine) driver contains an off-by-one error. The loop bound check uses ">" instead of ">=" when comparing against map_sz, which is the number of elements in the array m. This allows one index beyond the array to be accessed, resulting in an out-of-bounds read [1][2].

Exploitation

To trigger this bug, an attacker needs to be able to call the affected code path with a crafted input that leads to the loop iteration exceeding the array size. The exact prerequisites are not detailed, but local access and specific system calls may be required.

Impact

An out-of-bounds read can disclose sensitive kernel memory information or cause a system crash (denial of service). In some cases, it might be leveraged for privilege escalation if combined with other vulnerabilities, but the provided information does not confirm such use.

Mitigation

The vulnerability has been fixed in the Linux kernel stable trees. Patches are available via commits [1] and [2]. Users should update to the latest stable kernel version to mitigate the issue.