[SRU][M][PATCH 0/1] CVE-2024-26593
Bethany Jamison
bethany.jamison at canonical.com
Mon Apr 8 18:35:03 UTC 2024
[Impact]
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Fix block process call transactions
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
[Fix]
Mantic: Clean cherry-pick.
Jammy: pending
Focal: pending
Bionic: not-affected
Xenial: not-affected
Trusty: not-affected
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those using the i2c i801 driver, an issue with this
fix would be visable via unexpected system behavior and potentially
a crash. This fix has a low risk of regression as it is very
simple and utilizes code sections that have already been developed.
Jean Delvare (1):
i2c: i801: Fix block process call transactions
drivers/i2c/busses/i2c-i801.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list