Linux · Linux Kernel · CVE-2023-52749
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A race condition exists in the Linux kernel where a synchronous transfer can be active during a system suspend, causing a null pointer dereference exception when the system resumes. This occurs due to the following sequence of events:
1. `spi_sync()` calls `__spi_transfer_message_noqueue()` which sets `ctlr->cur_msg`.
2. SPI transfer begins via `spi_transfer_one_message()`.
3. The system is suspended, interrupting the transfer context.
4. The system is resumed.
5. `spi_controller_resume()` calls `spi_start_queue()` which resets `cur_msg` to NULL.
6. The SPI transfer context resumes and `spi_finalize_current_message()` is called, which dereferences `cur_msg` (now NULL).
To resolve this issue, the kernel waits for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.
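The interleaving and the lock-plus-flag remedy described above, replayed as a deterministic user-space model. This is an added example, not kernel code: the struct and function names, the `fixed` switch, and the error values are assumptions of the model, and `-EBUSY` marks the point where the kernel would instead sleep on the bus mutex.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of the sequence above; hypothetical names, not kernel code. */
struct msg { int status; };
struct ctlr {
    struct msg *cur_msg;  /* message currently being transferred */
    bool bus_locked;      /* stands in for the bus mutex */
    bool suspended;       /* suspend flag, set only with the bus lock free */
    bool fixed;           /* false = behaviour before the fix */
};

/* Steps 1-2: start a synchronous transfer; refused while suspended (fix).
 * The error value is this model's choice. */
int sync_begin(struct ctlr *c, struct msg *m) {
    if (c->fixed && c->suspended) return -ESHUTDOWN;
    c->bus_locked = true;
    c->cur_msg = m;
    return 0;
}

/* Step 3: suspend. With the fix it cannot pass a transfer that holds the bus. */
int ctlr_suspend(struct ctlr *c) {
    if (c->fixed && c->bus_locked) return -EBUSY;
    c->suspended = true;
    return 0;
}

/* Step 5: resume restarts the queue, which resets cur_msg to NULL. */
void ctlr_resume(struct ctlr *c) {
    c->suspended = false;
    c->cur_msg = NULL;
}

/* Step 6: finalize. Returns -EFAULT where the kernel would dereference NULL. */
int sync_finalize(struct ctlr *c) {
    int ret = c->cur_msg ? 0 : -EFAULT;
    c->cur_msg = NULL;
    c->bus_locked = false;
    return ret;
}

/* Replay steps 1-6 in order and report what finalize observes. */
int replay(bool fixed) {
    struct msg m = { .status = -EINPROGRESS };
    struct ctlr c = { .fixed = fixed };
    sync_begin(&c, &m);
    if (ctlr_suspend(&c) == 0)  /* without the fix, suspend cuts in mid-transfer */
        ctlr_resume(&c);
    return sync_finalize(&c);
}
```

`replay(false)` reaches finalize with `cur_msg` already cleared, while `replay(true)` completes the transfer because suspend could not proceed past the held bus lock.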
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.