| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024071645-CVE-2022-48806-445c@gregkh>
Date: Tue, 16 Jul 2024 13:45:58 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-48806: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer
size") revealed that ee1004_eeprom_read() did not properly limit how
many bytes to read at once.
In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the
length to read as an u8. If count == 256 after taking into account the
offset and page boundary, the cast to u8 overflows. And this is common
when user space tries to read the entire EEPROM at once.
To fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already
the maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.
The Linux kernel CVE team has assigned CVE-2022-48806 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.4.174 with commit aca56c298e2a and fixed in 5.4.180 with commit 3937c35493ee
Issue introduced in 5.10.94 with commit 25714ad6bf5e and fixed in 5.10.101 with commit a37960df7eac
Issue introduced in 5.15.17 with commit be9313f755a7 and fixed in 5.15.24 with commit 9a5f471ae380
Issue introduced in 5.16.3 with commit 07d9beb6e3c2 and fixed in 5.16.10 with commit 9443ddeb3754
Issue introduced in 4.4.300 with commit 74650c34f930
Issue introduced in 4.9.298 with commit a126a8c3dd51
Issue introduced in 4.14.263 with commit 202d0e22fe51
Issue introduced in 4.19.226 with commit 7414af7bdad9
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-48806
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/misc/eeprom/ee1004.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49
https://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345
https://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c
https://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce
https://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708
Powered by blists - more mailing lists