PT-2023-9478 · Linux+4 · Linux Kernel+4

Publicado

2023-09-04

·

Atualizado

2025-04-29

·

CVE-2023-52511

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the SPI peripheral in the Linux kernel, where sometimes RX SPI transfers with DMA enabled return corrupted data due to single or multiple bytes lost during DMA transfer from the SPI peripheral to memory. This is caused by the RX FIFO within the SPI peripheral becoming confused when performing bus read accesses wider than a single byte to it during an active SPI transfer. A patch has been applied to reduce the width of individual DMA read accesses to the RX FIFO to a single byte to mitigate this issue. The vulnerability is also described as being related to uncontrolled resource consumption, which could allow an attacker to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

BDU:2024-07831
CVE-2023-52511
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1

Produtos afetados

Astra Linux
Debian
Linux Kernel
Red Os
Suse