#VU89264 Improper Check for Unusual or Exceptional Conditions in Linux kernel - CVE-2021-46934

Cybersecurity Help s.r.o.

Published: 2024-05-08

Vulnerability identifier: #VU89264

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46934

CWE-ID: CWE-754

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to produce warnings from the userspace.

The vulnerability exists due to improper error handling within the compat_i2cdev_ioctl() function in drivers/i2c/i2c-dev.c. A local user can pass specially crafted data to the driver and influence its behavior.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 4.19.224, 4.19.224

External links
https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b
https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d
https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f
https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26
https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for kernel

Multiple vulnerabilities in IBM Technical Support Appliance

Multiple vulnerabilities in Juniper Secure Analytics (JSA)

Multiple vulnerabilities in IBM QRadar SIEM

Multiple vulnerabilities in IBM Cloud Pak for AIOps

SUSE update for the Linux Kernel

Red Hat Enterprise Linux 8 update for kernel