CVE-2022-48806

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/07/2024
Last modified: 16/07/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX

Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer size") revealed that ee1004_eeprom_read() did not properly limit how many bytes to read at once.

In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the length to read as an u8. If count == 256 after taking into account the offset and page boundary, the cast to u8 overflows. And this is common when user space tries to read the entire EEPROM at once.

To fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already the maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.
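The following user-space model, added here as an illustration and not code from the kernel or from this record, shows the narrowing described above and the effect of the clamp. It keeps the driver's layout (two 256-byte pages, 32-byte SMBus block ceiling) but replaces the real bus helper with `fake_block_read`, a constructed stand-in whose `length` parameter is a `u8` like the kernel helper's; its rejection of a zero-length read is an assumed simplification of the bus driver's validation, and the EEPROM contents (byte i holds `i & 0xff`) are constructed. `chunk_len_unfixed` is the pre-fix sizing rule, `chunk_len_fixed` adds the I2C_SMBUS_BLOCK_MAX clamp, and `read_range` drives either through a read loop the way the driver would.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Layout constants matching the driver: two 256-byte pages, and the SMBus
 * block-transfer ceiling of 32 bytes. */
#define EE1004_PAGE_SHIFT   8
#define EE1004_PAGE_SIZE    (1u << EE1004_PAGE_SHIFT)
#define EE1004_NUM_PAGES    2u
#define EE1004_EEPROM_SIZE  (EE1004_PAGE_SIZE * EE1004_NUM_PAGES)
#define I2C_SMBUS_BLOCK_MAX 32u

/* Constructed stand-in for i2c_smbus_read_i2c_block_data_or_emulated().
 * The length parameter is a u8, as in the kernel helper. Over-size lengths
 * are clamped to I2C_SMBUS_BLOCK_MAX (the real helper does this too); a
 * zero length is rejected here as an assumed model of the bus driver
 * refusing an invalid block transfer. Fills buf with constructed contents:
 * byte i of the EEPROM holds (i & 0xff). Returns bytes copied or -1. */
static int fake_block_read(unsigned page, uint8_t offset, uint8_t length,
                           uint8_t *buf)
{
    if (length == 0)
        return -1;
    if (length > I2C_SMBUS_BLOCK_MAX)
        length = I2C_SMBUS_BLOCK_MAX;
    for (unsigned i = 0; i < length; i++)
        buf[i] = (uint8_t)(page * EE1004_PAGE_SIZE + offset + i);
    return length;
}

/* Chunk length before the fix: only the page boundary is enforced. For a
 * whole-EEPROM read starting at offset 0 this yields 256. */
static size_t chunk_len_unfixed(unsigned offset, size_t count)
{
    unsigned in_page = offset & (EE1004_PAGE_SIZE - 1);
    if (in_page + count > EE1004_PAGE_SIZE)
        count = EE1004_PAGE_SIZE - in_page;
    return count;
}

/* Chunk length after the fix: additionally clamp to I2C_SMBUS_BLOCK_MAX,
 * so the value always fits the helper's u8 parameter. */
static size_t chunk_len_fixed(unsigned offset, size_t count)
{
    count = chunk_len_unfixed(offset, count);
    if (count > I2C_SMBUS_BLOCK_MAX)
        count = I2C_SMBUS_BLOCK_MAX;
    return count;
}

/* The narrowing that the helper's u8 prototype performs on the length:
 * 256 becomes 0. */
static uint8_t as_u8(size_t len)
{
    return (uint8_t)len;
}

typedef size_t (*chunk_fn)(unsigned, size_t);

/* Read [offset, offset + count) in chunks chosen by `chunker`, the way the
 * driver's read loop would. Returns bytes read, or -1 on failure. */
static long read_range(unsigned offset, size_t count, uint8_t *buf,
                       chunk_fn chunker)
{
    size_t done = 0;

    if (offset + count > EE1004_EEPROM_SIZE)
        return -1;
    while (done < count) {
        unsigned cur = offset + (unsigned)done;
        size_t len = chunker(cur, count - done);
        int rc = fake_block_read(cur >> EE1004_PAGE_SHIFT,
                                 (uint8_t)(cur & (EE1004_PAGE_SIZE - 1)),
                                 as_u8(len), buf + done);
        if (rc <= 0)
            return -1;
        done += (size_t)rc;
    }
    return (long)done;
}

int main(void)
{
    uint8_t buf[EE1004_EEPROM_SIZE];

    printf("unfixed chunk for a full read: %zu -> as u8: %u\n",
           chunk_len_unfixed(0, EE1004_EEPROM_SIZE),
           (unsigned)as_u8(chunk_len_unfixed(0, EE1004_EEPROM_SIZE)));
    printf("unfixed full read: %ld\n",
           read_range(0, EE1004_EEPROM_SIZE, buf, chunk_len_unfixed));
    printf("fixed full read:   %ld\n",
           read_range(0, EE1004_EEPROM_SIZE, buf, chunk_len_fixed));
    return 0;
}
```

A partial read that never leaves 256 bytes in the current page (for example 200 bytes from offset 100) succeeds even with the old rule, because every chunk is below 256 and the helper's own clamp handles anything above 32; only the case the commit message calls out, a remaining page length of exactly 256, narrows to 0 and fails. The clamp in `chunk_len_fixed` removes that case by construction rather than by special-casing it.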

Impact