CVE-2024-26593: i2c: i801: Fix block process call transactions

Published Feb 23, 2024
·
Updated

i2c: i801: Fix block process call transactions

According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer.

The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read.

Other sources

Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read within i2c: i801. An attacker could exploit this vulnerability to cause the wrong portion of the block buffer to be read or a denial of service.

IBM

Affected Software

11 affected componentsFixes available
Linux Linux kernel>=5.3.0<5.4.269
Linux Linux kernel>=5.5.0<5.10.210
Linux Linux kernel>=5.11.0<5.15.149
Linux Linux kernel>=5.16.0<6.1.79
Linux Linux kernel>=6.2.0<6.6.18
Linux Linux kernel>=6.7.0<6.7.6
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1

Remediation

Patch Available

https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a

Patch Available

https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c

Patch Available

https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2

Patch Available

https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9

Patch Available

https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f

Patch Available

https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21

Patch Available

https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7

Patch Available

https://git.kernel.org/linus/315cd67c945351f8a569500f8ab16b7fa94026e8

Patch Available

https://git.kernel.org/linus/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21

Event History

Feb 23, 2024
CVE Published
via MITRE·09:09 AM
Data Sourced
via MITRE·09:09 AM
Description
Data Sourced
via NVD·10:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Data Sourced
via Red Hat·01:46 PM
DescriptionSeverityAffected Software
May 15, 2024
Data Sourced
via Launchpad·08:30 PM
Description
Apr 29, 2025
Data Sourced
via Ubuntu·06:12 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-26593?

CVE-2024-26593 has a moderate severity level, affecting the block process call transactions in the i2c subsystem.

2

How do I fix CVE-2024-26593?

To fix CVE-2024-26593, update the Linux kernel to a version that addresses this vulnerability, such as 5.10.223-1 or later.

3

Which versions of the Linux kernel are affected by CVE-2024-26593?

CVE-2024-26593 affects Linux kernel versions between 5.3.0 and 6.7.6 inclusive.

4

Is CVE-2024-26593 related to a specific component in the Linux kernel?

Yes, CVE-2024-26593 specifically affects the i2c: i801 component within the Linux kernel.

5

What potential impact does CVE-2024-26593 have on systems?

If exploited, CVE-2024-26593 may lead to improper handling of block process calls, which could affect system stability and data integrity.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203