CVE-2024-35984 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions]

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

References

Link	Resource
https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83	Patch
https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d	Patch
https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde	Patch
https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620	Patch
https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec	Patch
https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f	Patch
https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23	Patch
https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-20T09:47:51.738Z

Updated: 2024-06-08T11:49:36.732Z

Reserved: 2024-05-17T13:50:33.145Z

Link: CVE-2024-35984

JSON object: View

NVD Information

Status : Modified

Published: 2024-05-20T10:15:12.830

Modified: 2024-06-27T12:15:27.137

Link: CVE-2024-35984

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35984", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.145Z", "datePublished": "2024-05-20T09:47:51.738Z", "dateUpdated": "2024-06-08T11:49:36.732Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-08T11:49:36.732Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: smbus: fix NULL function pointer dereference\n\nBaruch reported an OOPS when using the designware controller as target\nonly. Target-only modes break the assumption of one transfer function\nalways being available. Fix this by always checking the pointer in\n__i2c_transfer.\n\n[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/i2c-core-base.c"], "versions": [{"version": "63453b59e411", "lessThan": "40f1d79f07b4", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "ad3c3ac7a03b", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "5fd72404587d", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "5a09eae9a7db", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "4e75e222d397", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "e3425674ff68", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "357c64ef1ef3", "status": "affected", "versionType": "git"}, {"version": "63453b59e411", "lessThan": "91811a31b68d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/i2c-core-base.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.313", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.275", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.216", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.158", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.90", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"}, {"url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"}, {"url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"}, {"url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"}, {"url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"}, {"url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"}, {"url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"}, {"url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "i2c: smbus: fix NULL function pointer dereference", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35984", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:11:46.719693Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:32.705Z"}}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD0B551B-4A09-4476-916B-5DFCF02BD5BC", "versionEndExcluding": "4.19.313", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FF6D8DE-C559-4586-86C8-2C6B4420A2C2", "versionEndExcluding": "5.4.275", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27", "versionEndExcluding": "5.10.216", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED", "versionEndExcluding": "5.15.158", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3", "versionEndExcluding": "6.1.90", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5", "versionEndExcluding": "6.6.30", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: smbus: fix NULL function pointer dereference\n\nBaruch reported an OOPS when using the designware controller as target\nonly. Target-only modes break the assumption of one transfer function\nalways being available. Fix this by always checking the pointer in\n__i2c_transfer.\n\n[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]"}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: i2c: smbus: corrige la desreferencia del puntero de funci\u00f3n NULL. Baruch inform\u00f3 de un OOPS al usar el controlador de designware como destino \u00fanicamente. Los modos de solo objetivo rompen el supuesto de que siempre hay una funci\u00f3n de transferencia disponible. Solucione este problema comprobando siempre el puntero en __i2c_transfer. [wsa: abandon\u00f3 la simplificaci\u00f3n en core-smbus para evitar regresiones te\u00f3ricas]"}], "id": "CVE-2024-35984", "lastModified": "2024-06-27T12:15:27.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-20T10:15:12.830", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}