PT-2020-2427 · Linux+3 · Linux Kernel+3

Published

2020-01-03

·

Updated

2022-05-03

·

CVE-2020-12769

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.17
Description The issue exists due to insufficient input validation in the drivers/spi/spi-dw.c component of the Linux kernel. This can be exploited by an attacker to cause a denial of service via concurrent calls to dw spi irq and dw spi transfer one functions.
Recommendations For Linux kernel versions prior to 5.4.17, update to version 5.4.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the drivers/spi/spi-dw.c component to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-20

Related Identifiers

ALT-PU-2020-1131
ALT-PU-2020-1161
ALT-PU-2020-1198
ALT-PU-2020-1251
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-02429
CVE-2020-12769
DLA-2241-1
DLA-2241-2
LSN-0069-1
OPENSUSE-SU-2020:0801-1
OPENSUSE-SU-2020:0935-1
OPENSUSE-SU-2020_0801-1
OPENSUSE-SU-2020_0935-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
SUSE-SU-2020:1587-1
SUSE-SU-2020:1599-1
SUSE-SU-2020:1602-1
SUSE-SU-2020:1603-1
SUSE-SU-2020:1604-1
SUSE-SU-2020:1605-1
SUSE-SU-2020:1663-1
SUSE-SU-2020:2027-1
SUSE-SU-2020:2105-1
SUSE-SU-2020:2156-1
SUSE-SU-2020:2478-1
SUSE-SU-2020:2487-1
SUSE-SU-2020_1587-1
SUSE-SU-2020_1599-1
SUSE-SU-2020_1602-1
SUSE-SU-2020_1603-1
SUSE-SU-2020_1604-1
SUSE-SU-2020_1605-1
SUSE-SU-2020_1663-1
USN-4391-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu