Описание
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. In particular, the userspace controllable "data->block[0]" variable was not capped to a number between 0-255 and then used as the size of a memcpy, thus possibly writing beyond the end of dma_buffer. This flaw could allow a privileged local user to crash the system.
Отчет
Red Hat Enterprise Linux 6, 7 and 8 are not affected by this issue as they did not include support for I2C_SMBUS_BLOCK_PROC_CALL (upstream commit 5e9a97b).
Меры по смягчению последствий
This flaw can be mitigated by preventing the i2c-ismt module from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from being loaded automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:0334 | 23.01.2023 |
| Red Hat Enterprise Linux 9 | kernel-rt | Fixed | RHSA-2023:0300 | 23.01.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:0334 | 23.01.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
A buffer overflow vulnerability was found in the Linux kernel Intel\u2 ...
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
EPSS
6.4 Medium
CVSS3