PT-2022-4884 · Linux+10 · Linux Kernel+10

Zheyu Ma

·

Published

2022-07-29

·

Updated

2023-08-14

·

CVE-2022-2873

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver. This issue arises when a user triggers the I2C SMBUS BLOCK DATA with malicious input data using the ioctl I2C SMBUS. The flaw allows a local user to crash the system. The vulnerability is related to the incorrect calculation of the buffer size in the ismt access() function when processing the I2C SMBUS BLOCK DATA block data record.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-131

Related Identifiers

ALSA-2023:0832
ALSA-2023:0854
ALSA-2023:0951
ALSA-2023:0979
ALT-PU-2022-2497
ALT-PU-2022-2523
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2022-3400
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-10617
BDU:2022-06024
CESA-2023_0832
CESA-2023_0854
CVE-2022-2873
DLA-3349-1
DLA-3403-1
DSA-5324-1
OESA-2023-1034
OESA-2023-1035
OESA-2023-1036
OESA-2023-1037
OPENSUSE-SU-2022_3288-1
OPENSUSE-SU-2022_3293-1
OPENSUSE-SU-2022_4617-1
RHSA-2023:0832
RHSA-2023:0854
RHSA-2023:0951
RHSA-2023:0979
RHSA-2023:5627
RHSA-2023_0832
RHSA-2023_0854
RHSA-2023_0951
RHSA-2023_0979
RLSA-2023:0832
RLSA-2023:0854
RLSA-2023:0979
RXSA-2023:0832
RXSA-2023:0951
SUSE-SU-2022:3288-1
SUSE-SU-2022:3293-1
SUSE-SU-2022:4617-1
USN-5594-1
USN-5599-1
USN-5602-1
USN-5616-1
USN-5623-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu