PT-2023-9478 · Linux+4 · Linux Kernel+4

Published

2023-09-04

·

Updated

2025-04-29

·

CVE-2023-52511

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the SPI peripheral in the Linux kernel, where sometimes RX SPI transfers with DMA enabled return corrupted data due to single or multiple bytes lost during DMA transfer from the SPI peripheral to memory. This is caused by the RX FIFO within the SPI peripheral becoming confused when performing bus read accesses wider than a single byte to it during an active SPI transfer. A patch has been applied to reduce the width of individual DMA read accesses to the RX FIFO to a single byte to mitigate this issue. The vulnerability is also described as being related to uncontrolled resource consumption, which could allow an attacker to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2024-07831
CVE-2023-52511
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os
Suse