| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 May 2024 14:57:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-27028: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Description =========== In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupt handler may end up writing to the invalid memory and cause crashes. Add a check to trans->tx_buf before using it. The Linux kernel CVE team has assigned CVE-2024-27028 to this issue. Affected and fixed versions =========================== Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 4.19.311 with commit 2342b05ec534 Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 5.4.273 with commit 55f8ea6731aa Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 5.10.214 with commit bcfcdf196980 Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 5.15.153 with commit c10fed329c1c Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 6.1.83 with commit 766ec94cc574 Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 6.6.23 with commit 62b1f837b15c Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 6.7.11 with commit bea82355df9e Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 6.8.2 with commit 1784053cf10a Issue introduced in 4.11 with commit 1ce24864bff4 and fixed in 6.9-rc1 with commit a20ad45008a7 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-27028 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/spi/spi-mt65xx.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2342b05ec5342a519e00524a507f7a6ea6791a38 https://git.kernel.org/stable/c/55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6 https://git.kernel.org/stable/c/bcfcdf19698024565eff427706ebbd8df65abd11 https://git.kernel.org/stable/c/c10fed329c1c104f375a75ed97ea3abef0786d62 https://git.kernel.org/stable/c/766ec94cc57492eab97cbbf1595bd516ab0cb0e4 https://git.kernel.org/stable/c/62b1f837b15cf3ec2835724bdf8577e47d14c753 https://git.kernel.org/stable/c/bea82355df9e1c299625405b1947fc9b26b4c6d4 https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713 https://git.kernel.org/stable/c/a20ad45008a7c82f1184dc6dee280096009ece55
Powered by blists - more mailing lists