CVE-2024-35883
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2024-11-05 09:24
Severity ?
Summary
spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:14.519332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:16.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-pci1xxxx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4b31a226097c",
              "status": "affected",
              "version": "1cc0cbea7167",
              "versionType": "git"
            },
            {
              "lessThan": "95e5d9eb2670",
              "status": "affected",
              "version": "1cc0cbea7167",
              "versionType": "git"
            },
            {
              "lessThan": "1f886a7bfb3f",
              "status": "affected",
              "version": "1cc0cbea7167",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-pci1xxxx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe\n\nIn function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus-\u003espi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:24:24.061Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06"
        },
        {
          "url": "https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e"
        }
      ],
      "title": "spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35883",
    "datePublished": "2024-05-19T08:34:40.035Z",
    "dateReserved": "2024-05-17T13:50:33.112Z",
    "dateUpdated": "2024-11-05T09:24:24.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35883\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-19T09:15:09.527\",\"lastModified\":\"2024-05-20T13:00:04.957\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nspi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe\\n\\nIn function pci1xxxx_spi_probe, there is a potential null pointer that\\nmay be caused by a failed memory allocation by the function devm_kzalloc.\\nHence, a null pointer check needs to be added to prevent null pointer\\ndereferencing later in the code.\\n\\nTo fix this issue, spi_bus-\u003espi_int[iter] should be checked. The memory\\nallocated by devm_kzalloc will be automatically released, so just directly\\nreturn -ENOMEM without worrying about memory leaks.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: mchp-pci1xxx: corrige una posible desreferencia de puntero null en pci1xxx_spi_probe En la funci\u00f3n pci1xxxx_spi_probe, existe un posible puntero null que puede deberse a una asignaci\u00f3n de memoria fallida por parte de la funci\u00f3n devm_kzalloc. Por lo tanto, es necesario agregar una verificaci\u00f3n de puntero null para evitar que se elimine la referencia al puntero null m\u00e1s adelante en el c\u00f3digo. Para solucionar este problema, se debe marcar spi_bus-\u0026gt;spi_int[iter]. La memoria asignada por devm_kzalloc se liberar\u00e1 autom\u00e1ticamente, por lo que simplemente devuelva -ENOMEM directamente sin preocuparse por p\u00e9rdidas de memoria.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.