CVE-2025-38183

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()<br /> <br /> Before calling lan743x_ptp_io_event_clock_get(), the &amp;#39;channel&amp;#39; value<br /> is checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).<br /> This seems correct and aligns with the PTP interrupt status register<br /> (PTP_INT_STS) specifications.<br /> <br /> However, lan743x_ptp_io_event_clock_get() writes to ptp-&gt;extts[] with<br /> only LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:<br /> <br /> lan743x_ptp_io_event_clock_get(..., u8 channel,...)<br /> {<br /> ...<br /> /* Update Local timestamp */<br /> extts = &amp;ptp-&gt;extts[channel];<br /> extts-&gt;ts.tv_sec = sec;<br /> ...<br /> }<br /> <br /> To avoid an out-of-bounds write and utilize all the supported GPIO<br /> inputs, set LAN743X_PTP_N_EXTTS to 8.<br /> <br /> Detected using the static analysis tool - Svace.