CVE-2021-46934

i2c: validate user data in compat ioctl

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

i2c: validate user data in compat ioctl

Wrong user data may cause warning in i2c_transfer(), ex: zero msgs.
Userspace should not be able to trigger warnings, so this patch adds
validation checks for user data in compact ioctl to prevent reported
warnings

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: validar datos de usuario en compat ioctl Los datos de usuario incorrectos pueden causar advertencia en i2c_transfer(), ej: cero mensajes. El espacio de usuario no debería poder activar advertencias, por lo que este parche agrega comprobaciones de validación para los datos del usuario en ioctl compacto para evitar advertencias reportadas.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-02-27 CVE Published
2024-02-28 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-703: Improper Check or Handling of Exceptional Conditions
CWE-754: Improper Check for Unusual or Exceptional Conditions

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/7d5cb45655f2e9e37ef75d18f50c0072ef14a38b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b	2022-01-05
https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d	2022-01-05
https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f	2022-01-05
https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26	2022-01-05
https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf	2021-12-31

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-46934	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2266446	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.4.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.4.170"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.10.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.10.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.15.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.15.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.16"		en		Affected