Vulnerability identifier: #VU89250
Vulnerability risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor:
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7
http://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f
http://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a
http://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c
http://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9
http://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2
http://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.