| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Apr 2024 10:23:24 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-26807: spi: cadence-qspi: fix pointer reference in runtime PM hooks Description =========== In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: fix pointer reference in runtime PM hooks dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI controller. Neither embed the other; this lead to memory corruption. On a given platform (Mobileye EyeQ5) the memory corruption is hidden inside cqspi->f_pdata. Also, this uninitialised memory is used as a mutex (ctlr->bus_lock_mutex) by spi_controller_suspend(). The Linux kernel CVE team has assigned CVE-2024-26807 to this issue. Affected and fixed versions =========================== Issue introduced in 6.4 with commit 2087e85bb66e and fixed in 6.6.21 with commit 03f1573c9587 Issue introduced in 6.4 with commit 2087e85bb66e and fixed in 6.7.9 with commit 34e1d5c4407c Issue introduced in 6.4 with commit 2087e85bb66e and fixed in 6.8 with commit 32ce3bb57b6b Issue introduced in 4.19.283 with commit e3f9fc9a4f14 Issue introduced in 5.4.243 with commit 6716203844bc Issue introduced in 5.10.180 with commit b24f1ecc8fe2 Issue introduced in 5.15.111 with commit d453f25faf68 Issue introduced in 6.1.28 with commit 79acf7fb856e Issue introduced in 6.2.15 with commit 18cb554e9da8 Issue introduced in 6.3.2 with commit 1368dbc0a432 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-26807 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/spi/spi-cadence-quadspi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61 https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03 https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc
Powered by blists - more mailing lists