Linux · Linux Kernel · CVE-2024-46853
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.11.0-rc5-gc7b0e37c8434
**Description**
The vulnerability is an out-of-bounds access in the `nxp_fspi_exec_op` function that occurs when data that is not 4-byte aligned is written to the TX FIFO. It can be reproduced by writing 3 bytes of data to a NOR chip using the `dd` command. The issue is caused by a slab-out-of-bounds error in the `nxp_fspi_exec_op` function, which is part of the SPI driver. The vulnerability can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.
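The following user-space model of this bug class (a word-wise FIFO fill with an unaligned tail) is an added example, not the driver's code. The names `tx_fifo`, `fill_unsafe`, `fill_safe` and `marker_in_fifo` are hypothetical, and the 0xAA marker byte is a constructed stand-in for neighbouring slab memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a 32-bit-wide TX FIFO (not the driver's types). */
struct tx_fifo { uint32_t word[4]; size_t count; };

/* Unsafe: always copies a whole word, so a length that is not a multiple
 * of 4 reads up to 3 bytes past the payload. Returns bytes read from src. */
size_t fill_unsafe(struct tx_fifo *f, const uint8_t *src, size_t len)
{
    size_t i, nread = 0;
    for (i = 0; i < len && f->count < 4; i += 4, nread += 4)
        memcpy(&f->word[f->count++], src + i, 4);
    return nread;
}

/* Bounded: copies only what remains and zero-pads the final word. */
size_t fill_safe(struct tx_fifo *f, const uint8_t *src, size_t len)
{
    size_t i, n, nread = 0;
    for (i = 0; i < len && f->count < 4; i += n, nread += n) {
        n = (len - i < 4) ? len - i : 4;
        f->word[f->count] = 0;
        memcpy(&f->word[f->count++], src + i, n);
    }
    return nread;
}

/* Constructed sample: up to 3 payload bytes followed by 0xAA marker bytes.
 * The backing array is larger than the payload, so the over-read stays
 * defined here. len must be 1..3. Returns 1 if the marker reached the FIFO. */
int marker_in_fifo(int use_safe, size_t len)
{
    uint8_t mem[8] = { 0x11, 0x22, 0x33, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
    struct tx_fifo f = { {0}, 0 };
    uint8_t out[sizeof f.word];

    if (use_safe) fill_safe(&f, mem, len); else fill_unsafe(&f, mem, len);
    memcpy(out, f.word, sizeof out);
    return memchr(out, 0xAA, sizeof out) != NULL;
}

int main(void)
{
    printf("3-byte write: unsafe leaks=%d, safe leaks=%d\n", marker_in_fifo(0, 3), marker_in_fifo(1, 3));
    return 0;
}
```

In the model, the 3-byte write matches the reproduction case in the description: the unbounded copy pulls one byte from beyond the payload into the FIFO word, while the bounded copy does not.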
**Recommendations**
To resolve the issue, update the Linux kernel to a version that includes the fix for the `spi: nxp-fspi` out-of-bounds bug. As a temporary workaround, consider disabling the `nxp_fspi_exec_op` function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.