Wind River Support Network

Acknowledged

LIN1023-13819 : Security Advisory - linux - CVE-2025-38183

Created: Jul 7, 2025    Updated: Jul 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()

Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value
is checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).
This seems correct and aligns with the PTP interrupt status register
(PTP_INT_STS) specifications.

However, lan743x_ptp_io_event_clock_get() writes to ptp->extts[] with
only LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:

    lan743x_ptp_io_event_clock_get(..., u8 channel,...)
    {
        ...
        /* Update Local timestamp */
        extts = &ptp->extts[channel];
        extts->ts.tv_sec = sec;
        ...
    }

To avoid an out-of-bounds write and utilize all the supported GPIO
inputs, set LAN743X_PTP_N_EXTTS to 8.

Detected using the static analysis tool - Svace.
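
The mismatch described above, modelled in user-space C as an added example (not the lan743x driver source and not Wind River's code): it counts the channel values that pass the caller's limit of 8 yet fall outside a 4-element array, and shows a write bounded by the array's own size plus a compile-time guard. `struct extts_model`, `unsafe_channels()`, `record_event()` and the `N_EXTTS_*` names are hypothetical.

```c
/* Added example: user-space model of the bound mismatch, not driver source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCI11X1X_PTP_IO_MAX_CHANNELS 8 /* limit the caller checks (advisory) */
#define N_EXTTS_BEFORE 4               /* LAN743X_PTP_N_EXTTS before the fix */
#define N_EXTTS_AFTER  8               /* LAN743X_PTP_N_EXTTS after the fix  */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct extts_model { int64_t tv_sec; }; /* hypothetical stand-in for an extts[] entry */

/* Count channel values that pass the caller's check but exceed the array. */
static int unsafe_channels(size_t n_extts)
{
    int count = 0;
    for (unsigned int ch = 0; ch < PCI11X1X_PTP_IO_MAX_CHANNELS; ch++)
        if (ch >= n_extts)
            count++;
    return count;
}

/* Defensive variant: bound the index by the array that is actually written. */
static int record_event(struct extts_model *extts, size_t n_extts,
                        uint8_t channel, int64_t sec)
{
    if (channel >= n_extts)
        return -1;                      /* reject rather than write past the end */
    extts[channel].tv_sec = sec;
    return 0;
}

/* Compile-time guard: fails the build if the two limits drift apart again. */
_Static_assert(N_EXTTS_AFTER >= PCI11X1X_PTP_IO_MAX_CHANNELS,
               "extts[] must cover every channel the caller accepts");

int main(void)
{
    struct extts_model extts[N_EXTTS_BEFORE] = {{0}};

    printf("unsafe channels, 4 entries: %d\n", unsafe_channels(N_EXTTS_BEFORE));
    printf("unsafe channels, 8 entries: %d\n", unsafe_channels(N_EXTTS_AFTER));
    printf("channel 5 into 4 entries: %d\n",
           record_event(extts, ARRAY_SIZE(extts), 5, 100));
    return 0;
}
```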

CREATE(Triage):(User=admin) CVE-2025-38183 (https://nvd.nist.gov/vuln/detail/CVE-2025-38183)