Improper error handling in Linux kernel i2c driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-46934 |
| CWE-ID | CWE-754 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Check for Unusual or Exceptional Conditions
EUVDB-ID: #VU89264
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46934
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to produce warnings from the userspace.
The vulnerability exists due to improper error handling within the compat_i2cdev_ioctl() function in drivers/i2c/i2c-dev.c. A local user can pass specially crafted data to the driver and influence its behavior.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: before 4.19.224
External linkshttp://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b
http://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d
http://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f
http://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26
http://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
