PT-2024-35511 · Linux+3 · Linux Kernel+3

Published

2024-09-05

Updated

2025-10-03

CVE-2024-53046

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.11.0-rc6-next-20240902-00001-g131bf9439dd9

Description A vulnerability has been resolved in the Linux kernel. The issue is related to the flexspi compatible string in the arm64: dts: imx8ulp. The flexspi on imx8ulp only has 16 LUTs, whereas the imx8mm flexspi has 32 LUTs. This discrepancy can cause an error. The vulnerability is related to the nxp fspi exec op function and the spi mem exec op function.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the flexspi compatible string. Specifically, update to a version later than 6.11.0-rc6-next-20240902-00001-g131bf9439dd9. As a temporary workaround, consider disabling the nxp fspi exec op function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-917

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-17211

ALT-PU-2024-17891

ALT-PU-2025-12647

AZL-53858

BDU:2025-07882

CVE-2024-53046

OESA-2024-2492

USN-7276-1

USN-7277-1

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2024-35511 · Linux+3 · Linux Kernel+3

CVE-2024-53046

Weakness Enumeration

Related Identifiers

Affected Products

References · 1167