PT-2024-7180 · Linux+8 · Linux Kernel+8
Han Xu · Published 2024-09-11 · Updated 2026-05-05
CVE-2024-46853
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.11.0-rc5-gc7b0e37c8434
Description
The vulnerability is an out-of-bounds issue in the nxp_fspi_exec_op function that occurs when data that is not 4-byte aligned is written to the TX FIFO. It can be reproduced by writing 3 bytes of data to a NOR chip using the dd command. The issue is caused by a slab-out-of-bounds error in the nxp_fspi_exec_op function, which is part of the SPI driver. The vulnerability can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the spi: nxp-fspi out-of-bounds bug. As a temporary workaround, consider disabling the nxp_fspi_exec_op function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
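The description above turns on what happens to the last, partial word of a write that is not a multiple of 4 bytes. The following user-space C model is an added illustration, not code from the kernel driver or its patch. It assumes the FIFO is filled one 32-bit word at a time; `fifo_model`, `FIFO_WORDS`, `overread_bytes` and `fill_txfifo_clamped` are hypothetical names. It shows how many source bytes an unclamped word-wise copy would read past the buffer, next to a fill that clamps the final copy and zero-pads the tail.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model of a 32-bit-wide TX FIFO (not driver code). */
#define FIFO_WORDS 8
struct fifo_model {
    uint32_t word[FIFO_WORDS];
    int words_written;
};

/* Source bytes a loop that always copies 4 bytes per FIFO word would read
 * past the end of an nbytes-long buffer: 1 for the 3-byte write above. */
size_t overread_bytes(size_t nbytes)
{
    size_t span = (nbytes + 3u) & ~(size_t)3u;  /* round up to a whole word */
    return span - nbytes;
}

/* Clamped fill: every word copies min(4, remaining) bytes into a zeroed
 * temporary, so the tail is zero-padded and the source is never over-read.
 * Returns the number of FIFO words written, or -1 if the data does not fit. */
int fill_txfifo_clamped(struct fifo_model *f, const uint8_t *buf, size_t nbytes)
{
    size_t off;

    if (nbytes > FIFO_WORDS * sizeof(uint32_t))
        return -1;
    f->words_written = 0;
    for (off = 0; off < nbytes; off += 4) {
        uint32_t data = 0;
        size_t chunk = nbytes - off < 4 ? nbytes - off : 4;

        memcpy(&data, buf + off, chunk);
        f->word[f->words_written++] = data;
    }
    return f->words_written;
}

int main(void)
{
    const uint8_t three[3] = {0xAA, 0xBB, 0xCC};  /* constructed sample data */
    struct fifo_model f;
    int words = fill_txfifo_clamped(&f, three, sizeof(three));

    printf("unclamped over-read: %zu byte(s)\n", overread_bytes(sizeof(three)));
    printf("clamped fill wrote %d word(s)\n", words);
    return 0;
}
```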
Exploit
DoS
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu