A vulnerability was found in ad5755_parse_dt in drivers/iio/dac/ad5755.c in Linux Industrial I/O Subsystem subsystem. Here a comparison for devnr limits was exceeding by one, were the current implementation allowed 0 to AD5755_NUM_CHANNELS, while the actual limit should have been till 'AD5755_NUM_CHANNELS - 1', and this can cause an out of bounds write to pdata->dac[devnr]. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d47964bfd471f0dd4c89f28556aec68bffa0020 References: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-10907