CVE-2022-48806

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the ee1004 eeprom read() function not properly limiting the number of bytes to read at once. Specifically, i2c smbus read i2c block data or emulated() takes the length to read as an u8. If count equals 256 after considering the offset and page boundary, the cast to u8 overflows. This is common when user space attempts to read the entire EEPROM at once. The problem can be fixed by limiting each read to I2C SMBUS BLOCK MAX (32) bytes.

Recommendations To resolve the issue, limit each read to I2C SMBUS BLOCK MAX (32) bytes, which is already the maximum length i2c smbus read i2c block data or emulated() allows. As a temporary workaround, consider restricting the use of the ee1004 eeprom read() function until a patch is available.