CVE-2023-54295

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s spi-nor subsystem within the spi nor set erase type() function. This function was susceptible to a shift-out-of-bounds error when masking out an erase type, triggered by an excessively large shift exponent. Specifically, the code incorrectly set the size shift and mask, as well as the opcode, when the erase size was zero. This resulted in a potential crash due to the shift-out-of-bounds condition. The issue stemmed from unnecessary operations when masking out an erase type, and the use of an arbitrary opcode value (0xFF) that was not guaranteed to be unused.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.