CVE-2021-47153

Updated: 2024-06-18 20:16:38.226747

Description:

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.2

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 5.2 MEDIUM Ignored 2024-06-24 11:20:44
AlmaLinux 9.2 FIPS kernel 5.14.0 5.2 MEDIUM Ignored 2024-06-24 11:20:44
CentOS 6 ELS kernel 2.6.32 5.2 MEDIUM Ignored 2024-06-24 10:10:46
CentOS 7 ELS kernel 3.10.0 5.2 MEDIUM Released CLSA-2024:1720468480 2024-07-23 17:18:20
CentOS 8.4 ELS kernel 4.18.0 5.2 MEDIUM Ignored 2024-06-24 11:20:43
CentOS 8.5 ELS kernel 4.18.0 5.2 MEDIUM Ignored 2024-06-24 11:20:44
CentOS Stream 8 ELS kernel 4.18.0 5.2 MEDIUM Already Fixed 2024-06-09 14:19:11
CloudLinux 6 ELS kernel 2.6.32 5.2 MEDIUM Ignored 2024-06-24 10:10:46
Oracle Linux 6 ELS kernel 2.6.32 5.2 MEDIUM Ignored 2024-06-24 10:10:42