Linux Kernel i2c Integer Overflow Vulnerability

http://www.securityfocus.com/archive...4/2004-06-20/0

Introduction
#############

The Linux Kernel is the core of the Linux Operating
System, and provides the usual features of a modern
multi-user kernel. Drivers to support many different
devices are available packaged with the Linux Kernel,
including the 'i2c' driver, which provides support for
the 2-wire I2C bus.

In the i2c driver, there is an integer overflow
vulnerability during the allocation of memory, which
potentially exposes any system using the i2c driver
to a security hole.


Default RH kernel:

#
# I2C support
#
CONFIG_I2C=m
CONFIG_I2C_ALGOBIT=m
CONFIG_I2C_PHILIPSPAR=m
CONFIG_I2C_ELV=m
CONFIG_I2C_VELLEMAN=m
CONFIG_I2C_ALGOPCF=m
CONFIG_I2C_ELEKTOR=m
CONFIG_I2C_MAINBOARD=y
CONFIG_I2C_AMD756=m
CONFIG_I2C_I801=m
CONFIG_I2C_PIIX4=m
CONFIG_I2C_VIA=m
CONFIG_I2C_VIAPRO=m
CONFIG_I2C_VOODOO3=m
CONFIG_I2C_ALI1535=m
# CONFIG_I2C_TSUNAMI is not set
CONFIG_I2C_SIS5595=m
CONFIG_I2C_ISA=m
CONFIG_I2C_CHARDEV=m
CONFIG_I2C_PROC=m
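
Added example (not part of the original advisory): a shell check that reads a kernel config like the listing above and reports whether the i2c core is built in, built as a module and currently loaded, or built as a module but not loaded. The function names, the temporary files and the sample module line are assumptions constructed for illustration.

```sh
# i2c_exposure CONFIG MODULES
#   CONFIG  : kernel build config, e.g. /boot/config-$(uname -r)
#   MODULES : loaded-module list in /proc/modules format
# Prints: builtin | module-loaded | module-not-loaded | absent
i2c_exposure() {
    state=$(awk '
        { sub(/[ \t\r]+$/, "") }                 # tolerate trailing blanks/CR
        $0 == "CONFIG_I2C=y" { s = "builtin" }
        $0 == "CONFIG_I2C=m" { s = "module" }
        END { print (s == "" ? "absent" : s) }' "$1")
    if [ "$state" = "module" ]; then
        # Module names may appear with "-" or "_" depending on kernel version.
        if awk '$1 ~ /^i2c[-_]/ { found = 1 } END { exit !found }' "$2"; then
            state="module-loaded"
        else
            state="module-not-loaded"
        fi
    fi
    echo "$state"
}

# i2c_summary CONFIG: count CONFIG_I2C* options by build state.
i2c_summary() {
    awk '
        { sub(/[ \t\r]+$/, "") }
        /^CONFIG_I2C[A-Z0-9_]*=y$/ { y++ }
        /^CONFIG_I2C[A-Z0-9_]*=m$/ { m++ }
        /^# CONFIG_I2C[A-Z0-9_]* is not set$/ { n++ }
        END { printf "builtin=%d module=%d disabled=%d\n", y, m, n }' "$1"
}

# Constructed sample input: a subset of the config listing quoted above,
# plus one made-up /proc/modules line.
SAMPLE_CONFIG=$(mktemp)
SAMPLE_MODULES=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
#
# I2C support
#
CONFIG_I2C=m
CONFIG_I2C_MAINBOARD=y
# CONFIG_I2C_TSUNAMI is not set
CONFIG_I2C_CHARDEV=m
CONFIG_I2C_PROC=m
EOF
echo "i2c-core 23880 0" > "$SAMPLE_MODULES"

i2c_summary "$SAMPLE_CONFIG"
i2c_exposure "$SAMPLE_CONFIG" "$SAMPLE_MODULES"
```

On a live system, pass the running kernel's config file and /proc/modules instead of the sample files.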

 

 

 

 
