Linux Kernel SMBus Quick Operation Vulnerability in RTL9300 I2C Controller

Vulnerability

A vulnerability in the Linux kernel's I2C driver for the RTL9300 controller mishandles the data length of SMBus Quick operations. The hardware does not support a data length of zero: a length of zero causes an underflow that is interpreted as a request to transfer 16 bytes, so a 16-byte transfer is performed instead of a Quick Write. This can 'soft-brick' certain SFP modules by overwriting critical EEPROM data. The vulnerability affects Linux kernel versions 6.13 and later.
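The underflow described above can be reproduced in a small user-space model, shown next to a length check that rejects the request. This is an added example, not the kernel driver's code; it assumes a 4-bit length field that stores the length minus one, and all function and macro names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this model: the controller's length field is 4 bits wide
 * and stores (length - 1), so it can express transfers of 1..16 bytes. */
#define LEN_FIELD_MASK 0xFu
#define MAX_XFER_LEN   16u

/* Number of bytes the modelled hardware moves for a given field value. */
static unsigned int hw_bytes_for_field(uint8_t field)
{
    return (unsigned int)(field & LEN_FIELD_MASK) + 1u;
}

/* Unchecked encoding: len == 0 wraps to 0xF, which the hardware reads as 16. */
static uint8_t encode_len_unchecked(unsigned int len)
{
    return (uint8_t)((len - 1u) & LEN_FIELD_MASK);
}

/* Checked encoding: refuse lengths the field cannot represent, so a
 * zero-length SMBus Quick request fails instead of becoming a 16-byte write. */
static int encode_len_checked(unsigned int len, uint8_t *field)
{
    if (len < 1u || len > MAX_XFER_LEN)
        return -EINVAL;
    *field = (uint8_t)(len - 1u);
    return 0;
}

int main(void)
{
    uint8_t field = 0;
    unsigned int quick_len = 0; /* SMBus Quick carries no data bytes */

    printf("unchecked: len=%u -> hardware transfers %u bytes\n",
           quick_len, hw_bytes_for_field(encode_len_unchecked(quick_len)));

    int rc = encode_len_checked(quick_len, &field);
    printf("checked:   len=%u -> rc=%d (request rejected)\n", quick_len, rc);

    rc = encode_len_checked(2, &field);
    printf("checked:   len=2 -> rc=%d, hardware transfers %u bytes\n",
           rc, hw_bytes_for_field(field));
    return 0;
}
```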

Impact

Exploitation of this vulnerability can cause a 16-byte write operation to be erroneously executed instead of the intended Quick Write, potentially damaging SFP modules by overwriting essential bytes, especially on those without write-protected EEPROM.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Oct 1, 2025, 8:17 AM
Updated: Oct 1, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.