CVE-2024-26807

medium

Description

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: fix pointer reference in runtime PM hooks dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI controller. Neither embed the other; this lead to memory corruption. On a given platform (Mobileye EyeQ5) the memory corruption is hidden inside cqspi->f_pdata. Also, this uninitialised memory is used as a mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().

References

https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03

https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc

https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61

Details

Source: Mitre, NVD

Published: 2024-04-04

Updated: 2024-04-04

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium