An issue was discovered in the Linux kernels implementation of ocelot-serdes hardware. An incorrect limits calculation allowed an off-by-one calculation which could read out of bounds data and panic the system. If the data was not out of bounds the following code could then write data into the out-of-bounds area corrupting memory or possibly other consequences. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1 https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1738712]
This was fixed in Fedora with the 4.20 stable kernel update.
Mitigation: There is no requirement for mitigation at this time as this flaw does not affect shipping releases of Red Hat Enterprise Linux
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20854