Linux · Linux Kernel · CVE-2025-21845
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to the version containing the fix for the SST write failure issue
Description:
A bug in the Linux kernel causes only one byte of data to be written, regardless of the number of bytes passed to `sst_nor_write_data()`, leading to a kernel crash during the write operation. The issue was introduced by a commit that factored out a common write operation into `sst_nor_write_data()`. To resolve the issue, the number of bytes written must be the number passed to `sst_nor_write_data()`.
Recommendations:
For Linux kernel versions prior to the version containing the fix for the SST write failure issue, ensure the correct number of bytes is written as passed to `sst_nor_write_data()`. As a temporary workaround, consider disabling the `sst_nor_write_data()` function until a patch is available. Restrict access to the vulnerable `sst` module to minimize the risk of exploitation. Avoid using the affected `mtd_write_oob_std()` and `mtd_write_oob()` functions in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
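
To scope which hosts have hardware that uses the affected `sst` code path, the following added example (not part of the original advisory or of the kernel project) lists SPI NOR flash devices reported as SST parts. It assumes the kernel exposes the spi-nor sysfs attributes `manufacturer`, `jedec_id` and `partname`, that the driver reports the manufacturer name as `sst`, and that SST parts carry JEDEC manufacturer byte `0xbf`; the function name `find_sst_nor` is hypothetical. It inventories hardware only and does not tell you whether the running kernel contains the fix.

```shell
#!/bin/sh
# Added example: inventory SPI NOR flash devices that identify as SST parts.
# Assumptions (not from the advisory):
#   - spi-nor sysfs attributes live under <sysfs>/bus/spi/devices/<dev>/spi-nor/
#   - the driver reports manufacturer "sst"; SST JEDEC manufacturer byte is 0xbf
# Usage: find_sst_nor            # scans /sys
#        find_sst_nor /some/root # scans an alternate tree (e.g. a collected copy)
# Returns 0 if at least one SST device was found, 1 otherwise.

find_sst_nor() {
    root="${1:-/sys}"
    found=1
    for dir in "$root"/bus/spi/devices/*/spi-nor; do
        # The glob stays literal when nothing matches; skip non-directories.
        [ -d "$dir" ] || continue

        # Attributes may be absent on older kernels; treat them as empty.
        mfr=$(cat "$dir/manufacturer" 2>/dev/null || true)
        jedec=$(cat "$dir/jedec_id" 2>/dev/null || true)
        part=$(cat "$dir/partname" 2>/dev/null || true)

        # Match on the manufacturer name, or fall back to the first
        # JEDEC ID byte when the name is not available.
        case "$mfr:$jedec" in
            sst:*|SST:*|*:bf*|*:BF*)
                dev=${dir%/spi-nor}
                echo "${dev##*/} manufacturer=${mfr:-?} jedec_id=${jedec:-?} part=${part:-?}"
                found=0
                ;;
        esac
    done
    return "$found"
}
```

A non-empty result means the host has flash handled by the SST write path and should be prioritized once a fixed kernel version is identified.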