Marc Kleine-Budde

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified, specifically in the spi: bcm2835 module. The `bcm2835 spi handle err()` function is called when an IRQ based transfer times out. Due to changes made in commit 1513ceee70f2, TX and RX DMA transfers are unconditionally canceled, leading to NULL pointer dereferences if `ctlr->dma tx` or `ctlr->dma rx` are not set. This occurs because the `dma pending` flag was dropped. **Recommendations** To resolve this issue, check that `ctlr->dma tx` and `ctlr->dma rx` are valid pointers before accessing them in the `bcm2835 spi handle err()` function. As a temporary workaround, consider adding checks for NULL pointers to prevent dereferences. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue concerned the `rkcanfd handle rx fifo overflow int()` function, where a NULL pointer check was fixed to bail out if an skb cannot be allocated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to errors in reading beyond boundaries in the `can put echo skb()` function. If the `struct can priv::echo skb` is accessed out of bounds, this would cause a kernel crash. Instead, a meaningful warning message is issued and an error is returned. The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.