Bug 2265646 (CVE-2024-26593) - CVE-2024-26593 kernel: i2c: i801: Fix block process call transactions
Summary: CVE-2024-26593 kernel: i2c: i801: Fix block process call transactions
Keywords:
Status: NEW
Alias: CVE-2024-26593
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2265898
Blocks: 2265643
TreeView+ depends on / blocked
 
Reported: 2024-02-23 13:46 UTC by Patrick Del Bello
Modified: 2024-05-02 22:50 UTC (History)
52 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:2634 0 None None None 2024-05-01 01:22:37 UTC
Red Hat Product Errata RHBA-2024:2650 0 None None None 2024-05-02 00:15:25 UTC
Red Hat Product Errata RHBA-2024:2686 0 None None None 2024-05-02 22:50:32 UTC
Red Hat Product Errata RHSA-2024:2394 0 None None None 2024-04-30 10:16:16 UTC

Description Patrick Del Bello 2024-02-23 13:46:45 UTC 
i2c: i801: Fix block process call transactions

According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.

The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
Comment 3 Alex 2024-02-25 13:16:40 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265898]
Comment 11 errata-xmlrpc 2024-04-30 10:16:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
Note You need to log in before you can comment on or make changes to this bug.