Bug 1757368 (CVE-2017-18551)
| Summary: | CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, bdettelb, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jschorr, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, rkeshri, rt-maint, rvrbovsk, steved, vdronov, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
An out of bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. A read request for length (data->block[0]) greater than 'I2C_SMBUS_BLOCK_MAX + 1' may cause underlying I2C driver write out of array's boundary. This could allow a local attacker with special user privilege (or root) to crash the system or leak kernel internal information.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-12 16:31:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1757369, 1804074, 1822641, 1822642, 1888692, 1894458, 1894459, 1894460, 1894461 | ||
| Bug Blocks: | 1757371 | ||
|
Description
Dhananjay Arunesh
2019-10-01 10:39:40 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1757369] This was fixed for Fedora in the 4.14.15 stable update Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2104 https://access.redhat.com/errata/RHSA-2020:2104 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-18551 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:5206 https://access.redhat.com/errata/RHSA-2020:5206 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:5430 https://access.redhat.com/errata/RHSA-2020:5430 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:5656 https://access.redhat.com/errata/RHSA-2020:5656 |