CVE-2022-48806

eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer
size") revealed that ee1004_eeprom_read() did not properly limit how
many bytes to read at once. In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the
length to read as an u8. If count == 256 after taking into account the
offset and page boundary, the cast to u8 overflows. And this is common
when user space tries to read the entire EEPROM at once. To fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already
the maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.

In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer size") revealed that ee1004_eeprom_read() did not properly limit how many bytes to read at once. In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the length to read as an u8. If count == 256 after taking into account the offset and page boundary, the cast to u8 overflows. And this is common when user space tries to read the entire EEPROM at once. To fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already the maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-07-16 CVE Published
2024-12-19 CVE Updated
2025-03-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/aca56c298e2a6d20ab6308e203a8d37f2a7759d3	Vuln. Introduced
https://git.kernel.org/stable/c/25714ad6bf5e98025579fa4c08ff2041a663910c	Vuln. Introduced
https://git.kernel.org/stable/c/be9313f755a7bfa02230b15731d07074d5255ecb	Vuln. Introduced
https://git.kernel.org/stable/c/07d9beb6e3c2e852e884113d6803ea4b3643ae38	Vuln. Introduced
https://git.kernel.org/stable/c/74650c34f93044d3ab441235f161f9e1e761e96b	Vuln. Introduced
https://git.kernel.org/stable/c/a126a8c3dd51519513141b4fc94fd4813bca2c0f	Vuln. Introduced
https://git.kernel.org/stable/c/202d0e22fe512df0f1cb6253d40ce1058e373247	Vuln. Introduced
https://git.kernel.org/stable/c/7414af7bdad9a9cddb3a765ca98ea207048618c5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49	2022-02-16
https://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345	2022-02-16
https://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c	2022-02-16
https://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce	2022-02-16
https://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708	2022-02-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.174 < 5.4.180 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.174 < 5.4.180"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.94 < 5.10.101 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.94 < 5.10.101"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.17 < 5.15.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.17 < 5.15.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16.3 < 5.16.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16.3 < 5.16.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.4.300 Search vendor "Linux" for product "Linux Kernel" and version "4.4.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.298 Search vendor "Linux" for product "Linux Kernel" and version "4.9.298"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.263 Search vendor "Linux" for product "Linux Kernel" and version "4.14.263"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.226 Search vendor "Linux" for product "Linux Kernel" and version "4.19.226"		en		Affected