Out-of-bounds read in Linux kernel i801 driver

Published: 2024-05-08
Risk: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2024-26593
CWE-ID: CWE-125
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel
Category: Operating systems & Components / Operating system

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU89250

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26593

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: before 5.4.269

External links

http://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7
http://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f
http://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a
http://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c
http://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9
http://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2
http://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
