CVE-2023-54065

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: dsa: realtek: fix out-of-bounds access<br /> <br /> The probe function sets priv-&gt;chip_data to (void *)priv + sizeof(*priv)<br /> with the expectation that priv has enough trailing space.<br /> <br /> However, only realtek-smi actually allocated this chip_data space.<br /> Do likewise in realtek-mdio to fix out-of-bounds accesses.<br /> <br /> These accesses likely went unnoticed so far, because of an (unused)<br /> buf[4096] member in struct realtek_priv, which caused kmalloc to<br /> round up the allocated buffer to a big enough size, so nothing of<br /> value was overwritten. With a different allocator (like in the barebox<br /> bootloader port of the driver) or with KASAN, the memory corruption<br /> becomes quickly apparent.