CVE-2021-46934

LOW

Linux Kernel 4.15-4.19.223 - Denial of Service via Invalid I2C Compat IOCTL User Data

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: validate user data in compat ioctl

Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compat ioctl to prevent reported warnings.

Scores

CVSS v3 3.3
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (13)
Linux/Linux < 4.15
Linux/Linux 4.15
Linux/Linux 4.19.224 - 4.19.*
Linux/Linux 5.10.90 - 5.10.*
Linux/Linux 5.15.13 - 5.15.*
Linux/Linux 5.16
Linux/Linux 5.4.170 - 5.4.*
Linux/Linux 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b - 407c8708fb1bf2d4afc5337ef50635cf540c364b
Linux/Linux 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b - 8d31cbab4c295d7010ebb729e9d02d0e9cece18f
Linux/Linux 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b - 9e4a3f47eff476097e0c7faac04d1831fc70237d
... and 3 more
Published Feb 27, 2024
Tracked Since Feb 18, 2026