CVE-2024-26593

CVSS v3.1 7.1 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 31

NVD Status Modified

In the Linux kernel, the following vulnerability has been resolved:

i2c: i801: Fix block process call transactions

According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.

The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
NVD Status: Modified
CNA: kernel.org
Published Date: 2024-02-23 10:15:07
(6 months ago)
Updated Date: 2024-06-25 23:15:24
(2 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.3.0 version and prior 5.4.269 version	cpe:2.3:o:linux:linux_kernel	>= 5.3.0	< 5.4.269
Linux Kernel from 5.5.0 version and prior 5.10.210 version	cpe:2.3:o:linux:linux_kernel	>= 5.5.0	< 5.10.210
Linux Kernel from 5.11.0 version and prior 5.15.149 version	cpe:2.3:o:linux:linux_kernel	>= 5.11.0	< 5.15.149
Linux Kernel from 5.16.0 version and prior 6.1.79 version	cpe:2.3:o:linux:linux_kernel	>= 5.16.0	< 6.1.79
Linux Kernel from 6.2.0 version and prior 6.6.18 version	cpe:2.3:o:linux:linux_kernel	>= 6.2.0	< 6.6.18
Linux Kernel from 6.7.0 version and prior 6.7.6 version	cpe:2.3:o:linux:linux_kernel	>= 6.7.0	< 6.7.6