We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Bugpilot (Bug tracking)

Ok

THREATINT CVE Home CVE Diag Help
PUBLISHED

CVE-2024-26807

spi: cadence-qspi: fix pointer reference in runtime PM hooks

Reserved:2024-02-19
Published:2024-04-04
Updated:2024-04-04

Description

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: fix pointer reference in runtime PM hooks dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI controller. Neither embed the other; this lead to memory corruption. On a given platform (Mobileye EyeQ5) the memory corruption is hidden inside cqspi->f_pdata. Also, this uninitialised memory is used as a mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().

Product status

Default status
unaffected

2087e85bb66e before 03f1573c9587
affected

2087e85bb66e before 34e1d5c4407c
affected

2087e85bb66e before 32ce3bb57b6b
affected

Default status
affected

6.4
affected

Any version before 6.4
unaffected

6.6.21
unaffected

6.7.9
unaffected

6.8
unaffected

References

https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61

https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03

https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc

cve.org CVE-2024-26807

nvd.nist.gov CVE-2024-26807

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-26807