gsd-2024-26807
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
In the Linux kernel, the following vulnerability has been resolved:
spi: cadence-qspi: fix pointer reference in runtime PM hooks
dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI
controller. Neither embed the other; this lead to memory corruption.
On a given platform (Mobileye EyeQ5) the memory corruption is hidden
inside cqspi->f_pdata. Also, this uninitialised memory is used as a
mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-26807" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: fix pointer reference in runtime PM hooks\n\ndev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI\ncontroller. Neither embed the other; this lead to memory corruption.\n\nOn a given platform (Mobileye EyeQ5) the memory corruption is hidden\ninside cqspi-\u003ef_pdata. Also, this uninitialised memory is used as a\nmutex (ctlr-\u003ebus_lock_mutex) by spi_controller_suspend().", "id": "GSD-2024-26807", "modified": "2024-02-20T06:02:29.207453Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@kernel.org", "ID": "CVE-2024-26807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2087e85bb66e", "version_value": "03f1573c9587" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "custom" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "custom" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } } ] } } ] }, "vendor_name": "Linux" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: fix pointer reference in runtime PM hooks\n\ndev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI\ncontroller. Neither embed the other; this lead to memory corruption.\n\nOn a given platform (Mobileye EyeQ5) the memory corruption is hidden\ninside cqspi-\u003ef_pdata. Also, this uninitialised memory is used as a\nmutex (ctlr-\u003ebus_lock_mutex) by spi_controller_suspend()." } ] }, "generator": { "engine": "bippy-e0c11145c45e" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61", "refsource": "MISC", "url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61" }, { "name": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03", "refsource": "MISC", "url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03" }, { "name": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc", "refsource": "MISC", "url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc" } ] } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: fix pointer reference in runtime PM hooks\n\ndev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI\ncontroller. Neither embed the other; this lead to memory corruption.\n\nOn a given platform (Mobileye EyeQ5) the memory corruption is hidden\ninside cqspi-\u003ef_pdata. Also, this uninitialised memory is used as a\nmutex (ctlr-\u003ebus_lock_mutex) by spi_controller_suspend()." }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cadence-qspi: corrige la referencia del puntero en los ganchos PM en tiempo de ejecuci\u00f3n dev_get_drvdata() se utiliza para adquirir el puntero a cqspi y el controlador SPI. Ninguno de los dos integra al otro; Esto conduce a la corrupci\u00f3n de la memoria. En una plataforma determinada (Mobileye EyeQ5), la corrupci\u00f3n de la memoria est\u00e1 oculta dentro de cqspi-\u0026gt;f_pdata. Adem\u00e1s, esta memoria no inicializada se utiliza como mutex (ctlr-\u0026gt;bus_lock_mutex) por spi_controller_suspend()." } ], "id": "CVE-2024-26807", "lastModified": "2024-04-04T12:48:22.650", "metrics": {}, "published": "2024-04-04T09:15:09.380", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis" } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.