About CVE-2023-2194: Design weakness found in the Linux kernel’s SLIMpro I2C device driver (21st Apr 2023)

Preface: Every day on earth, there is a vulnerable presence in the digital world. This penguin make your life easily, sometimes it was not good. But this is the life cycle of our digital world.

Background: This driver (X-Gene SLIMpro I2C Driver) provides support for X-Gene SLIMpro I2C device access using the APM X-Gene SLIMpro mailbox driver.

Historical details: In November of 2016, AppliedMicro was acquired by MACOM.
On Jan 2021, X-Gene 3 has re-launched by Ampere under the eMAG family.
Ampere Computing LLC is an American fabless semiconductor company based in Santa Clara, California that develops cloud native server microprocessors (CNPs).

Third-generation of X-Gene processors were announced in 2016 and started sampling in 2017. X-Gene 3 processors are based on the Skylark microarchitecture and were fabricated on TSMC’s 16 nm process. AppliedMicro made large changed to the system architecture of the chip and some minor changes to the core. The chip design shifted from incorporating an array of accelerators on-die to offering a large set of I/O (mostly PCIe lanes) so that high-performance PCIe-based accelerators could be attached instead. In 2017 AppliedMicro sold the X-Gene assets to Ampere Computing and consequently discontinued the X-Gene line. X-Gene 3 has re-launched by Ampere under the eMAG family.

Vulnerability details: An out-of-bounds write vulnerability was found in the Linux kernel’s SLIMpro I2C device driver. The userspace “data->block[0]” variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

Official details: Please refer to the link – https://github.com/torvalds/linux/commit/92fbb6d1296f

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.