PT-2021-8081 · Linux+7 · Linux Kernel+7
Published: 2021-12-31 · Updated: 2024-08-20
CVE-2021-46934
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.19.223
Linux kernel versions prior to 5.4.169
Linux kernel versions prior to 5.10.89
Linux kernel versions prior to 5.15
Linux kernel versions prior to 5.15.12
Description
The issue is related to the i2c_transfer() function in the Linux kernel's i2c component: user data passed through the compat ioctl is not properly validated. Incorrect user data, such as zero messages, can cause kernel warnings. To prevent this, validation checks for user data have been added in the compat ioctl. The vulnerability may allow an attacker to impact the integrity of protected information.
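A user-space model of the validation described above, added here as an illustration; it is not the kernel's code or the upstream patch. The `demo_*` names and the warning flag are hypothetical stand-ins, and the 42-message ceiling is the kernel's `I2C_RDWR_IOCTL_MAX_MSGS`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define I2C_RDWR_IOCTL_MAX_MSGS 42 /* limit from the kernel's i2c-dev UAPI header */

/* Hypothetical user-space stand-ins for the request a caller passes in. */
struct demo_i2c_msg { uint16_t addr, flags, len; uint8_t *buf; };
struct demo_rdwr_req { struct demo_i2c_msg *msgs; uint32_t nmsgs; };

static int demo_transfer_warned; /* set when the transfer layer sees bad input */

/* Stand-in for the transfer layer: an empty request is treated as a caller bug. */
static int demo_transfer(const struct demo_i2c_msg *msgs, uint32_t nmsgs)
{
    if (msgs == NULL || nmsgs == 0) {
        demo_transfer_warned = 1; /* models the kernel warning */
        return -EINVAL;
    }
    return (int)nmsgs; /* number of messages "transferred" */
}

/* Hardened entry point: reject bad user data before the transfer layer. */
int demo_rdwr_ioctl(const struct demo_rdwr_req *req)
{
    if (req == NULL || req->msgs == NULL || req->nmsgs == 0)
        return -EINVAL;
    if (req->nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
        return -EINVAL;
    return demo_transfer(req->msgs, req->nmsgs);
}

/* Unvalidated entry point, for contrast: forwards whatever the caller gave. */
int demo_rdwr_ioctl_unchecked(const struct demo_rdwr_req *req)
{
    return demo_transfer(req->msgs, req->nmsgs);
}

int main(void)
{
    struct demo_i2c_msg m = { 0x50, 0, 0, NULL };
    struct demo_rdwr_req empty = { &m, 0 }; /* constructed zero-message request */
    int checked = demo_rdwr_ioctl(&empty);
    printf("checked=%d warned=%d\n", checked, demo_transfer_warned);
    int raw = demo_rdwr_ioctl_unchecked(&empty);
    printf("unchecked=%d warned=%d\n", raw, demo_transfer_warned);
    return 0;
}
```

Both paths return an error for the zero-message request, but only the unvalidated one lets it reach the transfer layer and raise the warning.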
Recommendations
For Linux kernel versions prior to 4.19.223, update to version 4.19.223 or later.
For Linux kernel versions prior to 5.4.169, update to version 5.4.169 or later.
For Linux kernel versions prior to 5.10.89, update to version 5.10.89 or later.
For Linux kernel versions prior to 5.15, update to version 5.15 or later.
For Linux kernel versions prior to 5.15.12, update to version 5.15.12 or later.
As a temporary workaround, consider restricting access to the i2c_transfer() function until a patch is available.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse