CVE-2021-46934 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to prevent reported warnings

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

References

Link	Resource
https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b	Patch
https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f	Patch
https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d	Patch
https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf	Patch
https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-27T09:44:01.411Z

Updated: 2024-07-05T17:21:06.191Z

Reserved: 2024-02-25T13:45:52.720Z

Link: CVE-2021-46934

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-27T10:15:07.877

Modified: 2024-04-10T18:19:53.630

Link: CVE-2021-46934

JSON object: View

Redhat Information

No data.

CWE

CWE-754

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46934", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:45:52.720Z", "datePublished": "2024-02-27T09:44:01.411Z", "dateUpdated": "2024-07-05T17:21:06.191Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:59:06.695Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/i2c-dev.c"], "versions": [{"version": "7d5cb45655f2", "lessThan": "407c8708fb1b", "status": "affected", "versionType": "git"}, {"version": "7d5cb45655f2", "lessThan": "9e4a3f47eff4", "status": "affected", "versionType": "git"}, {"version": "7d5cb45655f2", "lessThan": "8d31cbab4c29", "status": "affected", "versionType": "git"}, {"version": "7d5cb45655f2", "lessThan": "f68599581067", "status": "affected", "versionType": "git"}, {"version": "7d5cb45655f2", "lessThan": "bb436283e25a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/i2c-dev.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.224", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.170", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.90", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.13", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"}, {"url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"}, {"url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"}, {"url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"}, {"url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"}], "title": "i2c: validate user data in compat ioctl", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T16:18:35.081460Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:06.191Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B34A1353-506A-4AB9-87EC-CD50F09DFB8A", "versionEndExcluding": "4.19.224", "versionStartIncluding": "4.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "56D16FBB-453E-4316-A027-E517828203D7", "versionEndExcluding": "5.4.170", "versionStartIncluding": "4.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B", "versionEndExcluding": "5.10.90", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04", "versionEndExcluding": "5.15.13", "versionStartIncluding": "5.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: validar datos de usuario en compat ioctl Los datos de usuario incorrectos pueden causar advertencia en i2c_transfer(), ej: cero mensajes. El espacio de usuario no deber\u00eda poder activar advertencias, por lo que este parche agrega comprobaciones de validaci\u00f3n para los datos del usuario en ioctl compacto para evitar advertencias reportadas."}], "id": "CVE-2021-46934", "lastModified": "2024-04-10T18:19:53.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T10:15:07.877", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}