Jonas Malaco

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `ee1004 eeprom read()` function not properly limiting the number of bytes to read at once. Specifically, `i2c smbus read i2c block data or emulated()` takes the length to read as an `u8`. If `count` equals 256 after considering the offset and page boundary, the cast to `u8` overflows. This is common when user space attempts to read the entire EEPROM at once. The problem can be fixed by limiting each read to `I2C SMBUS BLOCK MAX` (32) bytes. **Recommendations** To resolve the issue, limit each read to `I2C SMBUS BLOCK MAX` (32) bytes, which is already the maximum length `i2c smbus read i2c block data or emulated()` allows. As a temporary workaround, consider restricting the use of the `ee1004 eeprom read()` function until a patch is available.