CVE-2021-46934

Summary

In the Linux kernel, the following vulnerability has been resolved:

i2c: validate user data in compat ioctl

Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to prevent reported warnings

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7d5cb45655f2e9e37ef75d18f50c0072ef14a38b < 407c8708fb1bf2d4afc5337ef50635cf540c364baffected
LinuxLinux7d5cb45655f2e9e37ef75d18f50c0072ef14a38b < 9e4a3f47eff476097e0c7faac04d1831fc70237daffected
LinuxLinux7d5cb45655f2e9e37ef75d18f50c0072ef14a38b < 8d31cbab4c295d7010ebb729e9d02d0e9cece18faffected
LinuxLinux7d5cb45655f2e9e37ef75d18f50c0072ef14a38b < f68599581067e8a5a8901ba9eb270b4519690e26affected
LinuxLinux7d5cb45655f2e9e37ef75d18f50c0072ef14a38b < bb436283e25aaf1533ce061605d23a9564447bdfaffected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux4.19.224 <= 4.19.*unaffected
LinuxLinux5.4.170 <= 5.4.*unaffected
LinuxLinux5.10.90 <= 5.10.*unaffected
LinuxLinux5.15.13 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References