// For flags

CVE-2021-47153

i2c: i801: Don't generate an interrupt on bus reset

Severity Score

6.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

i2c: i801: Don't generate an interrupt on bus reset

Now that the i2c-i801 driver supports interrupts, setting the KILL bit
in a attempt to recover from a timed out transaction triggers an
interrupt. Unfortunately, the interrupt handler (i801_isr) is not
prepared for this situation and will try to process the interrupt as
if it was signaling the end of a successful transaction. In the case
of a block transaction, this can result in an out-of-range memory
access.

This condition was reproduced several times by syzbot:
https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79

So disable interrupts while trying to reset the bus. Interrupts will
be enabled again for the following transaction.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: i801: no genera una interrupción al restablecer el bus Ahora que el controlador i2c-i801 admite interrupciones, configurar el bit KILL en un intento de recuperarse de una transacción con tiempo de espera agotado se activa una interrupción. Desafortunadamente, el controlador de interrupciones (i801_isr) no está preparado para esta situación e intentará procesar la interrupción como si estuviera indicando el final de una transacción exitosa. En el caso de una transacción en bloque, esto puede resultar en un acceso a la memoria fuera de rango. Esta condición fue reproducida varias veces por syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug ?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b 4d3fd1dfd53e90afd79 Entonces deshabilite las interrupciones al intentar restablecer el bus. Las interrupciones se habilitarán nuevamente para la siguiente transacción.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-04 CVE Reserved
  • 2024-03-25 CVE Published
  • 2024-03-26 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 4.4.271
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.4.271"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 4.9.271
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.9.271"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 4.14.235
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.14.235"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 4.19.193
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.19.193"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 5.4.124
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.4.124"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 5.10.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.10.42"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 5.12.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.12.9"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.6 < 5.13
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.13"
en
Affected