Linux · Linux Kernel · CVE-2021-47282
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is an out-of-bounds access in the Linux kernel's spi: bcm2835 driver. When there are more than 4 slaves, the `num_chipselect` limit is silently raised by `of_spi_get_gpio_numbers()`, resulting in out-of-bounds accesses to the `prepare_cs[]` array. The problem arises because `num_chipselect` only limits the number of native chipselects, and GPIO chipselects specified in the device tree can exceed this limit. A bandaid fix has been applied that raises the number of allowed slaves to 24 and enforces the limit on slave setup; an upcoming commit is planned to allow an arbitrary number of slaves.
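The following simplified user-space model of the flaw and of the setup-time check is an added example, not code from the kernel driver. The struct, the function names and the pre-fix array size of 4 are assumptions made for the model; only `num_chipselect`, `prepare_cs[]` and the limit of 24 come from the description above.

```c
#include <stdint.h>
#include <stdio.h>
#define OLD_SLOTS   4   /* model constant matching the "more than 4 slaves" wording */
#define FIXED_SLOTS 24  /* slave limit after the bandaid fix */

enum outcome { STORED = 0, REJECTED = -1, OUT_OF_BOUNDS = 1 };

struct model_ctlr {               /* hypothetical stand-in for the driver state */
    unsigned num_chipselect;      /* limit checked when a slave is added */
    unsigned slots;               /* usable entries in prepare_cs[] */
    int enforce_on_setup;         /* 1 = limit also enforced on slave setup */
    uint32_t prepare_cs[FIXED_SLOTS];
};

/* Models the silent raise: GPIO chipselects from the device tree lift the limit. */
static void model_apply_gpio_cs(struct model_ctlr *c, unsigned gpio_cs_count)
{
    if (gpio_cs_count > c->num_chipselect)
        c->num_chipselect = gpio_cs_count;
}

/* Sets up slave `cs`; reports an out-of-bounds index instead of performing it. */
static enum outcome model_setup(struct model_ctlr *c, unsigned cs, uint32_t val)
{
    if (cs >= c->num_chipselect)
        return REJECTED;                      /* the only check before the fix */
    if (c->enforce_on_setup && cs >= c->slots)
        return REJECTED;                      /* check added on slave setup */
    if (cs >= c->slots)
        return OUT_OF_BOUNDS;                 /* the write past the array would happen here */
    c->prepare_cs[cs] = val;
    return STORED;
}

/* Builds a controller, applies the device-tree GPIO count, then sets up one slave. */
static enum outcome model_run(int fixed, unsigned gpio_cs_count, unsigned cs)
{
    struct model_ctlr c = { .num_chipselect = OLD_SLOTS, .enforce_on_setup = fixed,
                            .slots = fixed ? FIXED_SLOTS : OLD_SLOTS };
    model_apply_gpio_cs(&c, gpio_cs_count);
    return model_setup(&c, cs, 0x1u);
}

int main(void)
{
    printf("before fix, 6 GPIO CS, slave 5: %d\n", (int)model_run(0, 6, 5));
    printf("after fix,  6 GPIO CS, slave 5: %d\n", (int)model_run(1, 6, 5));
    return 0;
}
```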
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.