Re: CVE-2021-46934: i2c: validate user data in compat ioctl

From: Carlos López
Date: Tue Feb 27 2024 - 08:34:09 EST


Hi,

On 27/2/24 10:48, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> i2c: validate user data in compat ioctl
>
> Wrong user data may cause warning in i2c_transfer(), ex: zero msgs.
> Userspace should not be able to trigger warnings, so this patch adds
> validation checks for user data in compat ioctl to prevent reported
> warnings.

What's the security impact here exactly?

--
Carlos López
Security Engineer
SUSE Software Solutions