CVE-2021-47153

i2c: i801: Don't generate an interrupt on bus reset

Severity Score

5.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

i2c: i801: Don't generate an interrupt on bus reset

Now that the i2c-i801 driver supports interrupts, setting the KILL bit
in a attempt to recover from a timed out transaction triggers an
interrupt. Unfortunately, the interrupt handler (i801_isr) is not
prepared for this situation and will try to process the interrupt as
if it was signaling the end of a successful transaction. In the case
of a block transaction, this can result in an out-of-range memory
access.

This condition was reproduced several times by syzbot:
https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79

So disable interrupts while trying to reset the bus. Interrupts will
be enabled again for the following transaction.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: i801: no genera una interrupción al restablecer el bus Ahora que el controlador i2c-i801 admite interrupciones, configurar el bit KILL en un intento de recuperarse de una transacción con tiempo de espera agotado se activa una interrupción. Desafortunadamente, el controlador de interrupciones (i801_isr) no está preparado para esta situación e intentará procesar la interrupción como si estuviera indicando el final de una transacción exitosa. En el caso de una transacción en bloque, esto puede resultar en un acceso a la memoria fuera de rango. Esta condición fue reproducida varias veces por syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug ?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b 4d3fd1dfd53e90afd79 Entonces deshabilite las interrupciones al intentar restablecer el bus. Las interrupciones se habilitarán nuevamente para la siguiente transacción.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.2

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-04 CVE Reserved
2024-03-25 CVE Published
2024-03-26 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/636752bcb5177a301d0266270661581de8624828	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629	2021-06-03
https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3	2021-06-03
https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6	2021-06-03
https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c	2021-06-03
https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b	2021-06-03
https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef	2021-06-03
https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a	2021-06-03
https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b	2021-05-27

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47153	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2271476	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 4.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.4.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 4.9.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.9.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 4.14.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.14.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 4.19.193 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.19.193"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.4.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.13"		en		Affected