CVE-2024-26593
i2c: i801: Fix block process call transactions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Fix block process call transactions
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: i801: Reparar transacciones de llamada de proceso de bloque Según las hojas de datos de Intel, el software debe restablecer el índice del búfer de bloque dos veces para transacciones de llamada de proceso de bloque: una vez antes de escribir los datos salientes en el búfer , y una vez más antes de leer los datos entrantes del búfer. Actualmente, al controlador le falta el segundo reinicio, lo que provoca que se lea la parte incorrecta del búfer de bloque.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-02-23 CVE Published
- 2024-04-21 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/315cd67c945351f8a569500f8ab16b7fa94026e8 | Vuln. Introduced | |
| https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-26593 | 2024-06-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2265646 | 2024-06-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.4.269" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.10.210" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.15.149" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.1.79" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.6.18" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.7.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.8" | en |
Affected
| ||||||