Michael Walle

#16244of 53,633
16.5Total CVSS
Vulnerabilities · 3
Medium
3
PT-2024-5777
5.5
2024-04-10
Linux · Linux Kernel · CVE-2021-47195
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the Linux kernel's spi component, specifically with the `add lock` mutex. The vulnerability occurs when the `mutex unlock()` function is called after the controller is already freed. This can lead to a denial of service. The vulnerability was introduced by a commit that added a per-controller mutex to fix a deadlock issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-9439
5.5
2023-01-13
Linux · Linux Kernel · CVE-2022-48895
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.1.0-rc5-00088-gf3600ff8e322 #1930 **Description** The vulnerability is related to the iommu/arm-smmu component in the Linux kernel. It occurs when the system is shut down with the "reboot -f" command while a packet transmission is in flight, causing a kernel NULL pointer dereference. This can lead to a kernel panic and a fatal exception in interrupt. The issue is reproducible when the board has a fixed IP address and is ping flooded from another host. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the iommu/arm-smmu vulnerability. Alternatively, boot with the "arm-smmu.disable bypass=0" option to allow unknown Stream IDs, but this may have security implications.
PT-2024-11145
5.5
2021-03-28
Linux · Linux Kernel · CVE-2021-47055
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns the requirement of write permissions for locking and badblock ioctls in the Linux kernel. Specifically, `MEMLOCK`, `MEMUNLOCK`, and `OTPLOCK` modify protection bits and thus require write permission. Depending on the hardware, `MEMLOCK` might even be write-once, for example, for SPI-NOR flashes with their WP# tied to GND. `OTPLOCK` is always write-once. `MEMSETBADBLOCK` modifies the bad block table. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.