In the Linux kernel, the following vulnerability has been resolved:
phy: ti: Fix missing sentinel for clkdivtable
gettablemaxdiv() tries to access "clkdiv_table" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN.
[ 9.552392] BUG: KASAN: global-out-of-bounds in getmaxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT) [ 9.581832] Workqueue: eventsunbound deferredprobeworkfunc [ 9.587708] Call trace: [ 9.590174] dumpbacktrace+0x20c/0x218 [ 9.594038] showstack+0x18/0x68 [ 9.597375] dumpstacklvl+0x9c/0xd8 [ 9.601062] printaddressdescription.constprop.0+0x78/0x334 [ 9.606830] kasanreport+0x1f0/0x260 [ 9.610517] _asanload4+0x9c/0xd8 [ 9.614030] _getmaxdiv+0xc0/0x148 [ 9.617540] dividerdeterminerate+0x88/0x488 [ 9.622005] dividerroundrateparent+0xc8/0x124 [ 9.626729] wizclkdivroundrate+0x54/0x68 [ 9.631113] clkcoredetermineroundnolock+0x124/0x158 [ 9.636448] clkcoreroundratenolock+0x68/0x138 [ 9.641260] clkcoresetratenolock+0x268/0x3a8 [ 9.645987] clksetrate+0x50/0xa8 [ 9.649499] cdnssierraphyinit+0x88/0x248 [ 9.653794] phyinit+0x98/0x108 [ 9.657046] cdnspcieenablephy+0xa0/0x170 [ 9.661340] cdnspcieinitphy+0x250/0x2b0 [ 9.665546] j721epcieprobe+0x4b8/0x798 [ 9.669579] platformprobe+0x8c/0x108 [ 9.673350] reallyprobe+0x114/0x630 [ 9.677037] _driverprobedevice+0x18c/0x220 [ 9.681505] driverprobedevice+0xac/0x150 [ 9.685712] _deviceattachdriver+0xec/0x170 [ 9.690178] busforeachdrv+0xf0/0x158 [ 9.694124] _deviceattach+0x184/0x210 [ 9.698070] deviceinitialprobe+0x14/0x20 [ 9.702277] busprobedevice+0xec/0x100 [ 9.706223] deferredprobeworkfunc+0x124/0x180 [ 9.710951] processonework+0x4b0/0xbc0 [ 9.714983] workerthread+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] retfromfork+0x10/0x20 [ 9.725520] [ 9.727032] The buggy address belongs to the variable: [ 9.732183] clkdivtable+0x24/0x440