CVE-2024-26807Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-822Untrusted Pointer Dereference6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 4

Description

In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously cannot be correct, unless "struct cqspi_st" is the first member of " struct spi_controller", or the other way around, but it is not the case. "struct spi_controller" is allocated by devm_spi_alloc_host(), which allocates an

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel6.46.6.21+9
Debianlinux/linux_kernel< 6.1.140-1+2
CVEListV5linux/linux79acf7fb856eade9c3d0cf00fd34a04bf5c43a1c2c914aac9522f6e93822c18dff233d3e92399c81+10
debiandebian/linux< linux 6.1.140-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.140-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-8xc6-54p8-3p65: In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: fix pointer reference in runtime PM hooks dev_get_drvdata() g2024-04-04
OSV
CVE-2024-26807: In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations st2024-04-04

📋Vendor Advisories

2
Red Hat
kernel: spi: cadence-qspi: fix pointer reference in runtime PM hooks2024-04-04
Debian
CVE-2024-26807: linux - In the Linux kernel, the following vulnerability has been resolved: Both cadenc...2024

💬Community

1
Bugzilla
CVE-2024-26807 kernel: spi: cadence-qspi: fix pointer reference in runtime PM hooks2024-04-04