CVE-2024-26593
HIGHLinux Kernel 5.3.0-6.7.5 - Out-of-bounds Read in i2c i801 Block Process Call Transactions
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/
Scores
CVSS v3
7.1
EPSS
0.0029
EPSS Percentile
20.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (23)
linux/Kernel
5.11.0 - 5.15.149linux
linux/Kernel
5.16.0 - 6.1.79linux
linux/Kernel
5.3.0 - 5.4.269linux
linux/Kernel
5.5.0 - 5.10.210linux
linux/Kernel
6.2.0 - 6.6.18linux
linux/Kernel
6.7.0 - 6.7.6linux
Linux/Linux
< 5.3
Linux/Linux
315cd67c945351f8a569500f8ab16b7fa94026e8 - 1f8d0691c50581ba6043f009ec9e8b9f78f09d5a
Linux/Linux
315cd67c945351f8a569500f8ab16b7fa94026e8 - 491528935c9c48bf341d8b40eabc6c4fc5df6f2c
Linux/Linux
315cd67c945351f8a569500f8ab16b7fa94026e8 - 609c7c1cc976e740d0fed4dbeec688b3ecb5dce2
... and 13 more
Published
Feb 23, 2024
Tracked Since
Feb 18, 2026