CVE-2016-10764

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.9.6

Description The issue is related to an off-by-one error in the cqspi setup flash() function, located in the drivers/mtd/spi-nor/cadence-quadspi.c file. This error occurs because there are CQSPI MAX CHIPSELECT elements in the ->f pdata array, and the condition should be ">=" instead of ">".

Recommendations For Linux kernel versions prior to 4.9.6, update to version 4.9.6 or later to resolve the issue. As a temporary workaround, consider modifying the cqspi setup flash() function to correct the off-by-one error by changing the condition to ">=" instead of ">".