lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260206083752.268838-1-quic_mdalam@quicinc.com>
Date: Fri, 6 Feb 2026 14:07:52 +0530
From: Md Sadre Alam <quic_mdalam@...cinc.com>
To: <miquel.raynal@...tlin.com>, <richard@....at>, <vigneshr@...com>,
        <tudor.ambarus@...aro.org>, <chengminglin@...c.com.tw>,
        <mmkurbanov@...utedevices.com>, <mikhail.kshevetskiy@...sys.eu>,
        <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>
CC: <quic_mdalam@...cinc.com>
Subject: [PATCH] mtd: spinand: fix NULL pointer dereference in spinand_support_vendor_ops()

The spinand_support_vendor_ops() helper unconditionally dereferences
info->vendor_ops. For chips that do not define vendor_ops, this pointer
is NULL, leading to a kernel panic during probe:

Unable to handle kernel NULL pointer dereference at virtual address
0000000000000008

Add a guard to return early when vendor_ops is NULL. This prevents the
crash and allows SPI NAND devices without vendor-specific operations to
be probed correctly.

Fixes: fbc7538782f8 ("mtd: spinand: List vendor specific operations and make sure they are supported")
Cc: stable@...r.kernel.org
Signed-off-by: Md Sadre Alam <quic_mdalam@...cinc.com>
---
 drivers/mtd/nand/spi/core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/mtd/nand/spi/core.c b/drivers/mtd/nand/spi/core.c
index 514f653f27f3..29fb2ac19569 100644
--- a/drivers/mtd/nand/spi/core.c
+++ b/drivers/mtd/nand/spi/core.c
@@ -1435,6 +1435,8 @@ static int spinand_support_vendor_ops(struct spinand_device *spinand,
 {
 	int i;
 
+	if (!info->vendor_ops)
+		return 0;
 	/*
 	 * The vendor ops array is only used in order to verify this chip and all its memory
 	 * operations are supported. If we see patterns emerging, we could ideally name these
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ