CVE-2024-42249

In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async() Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message is likely to be in the queue and not transferred yet. This can corrupt the message while it is being used by the controller driver. spi_maybe_unoptimize_message() is already called in the correct place in spi_finalize_current_message() to balance the call to spi_maybe_optimize_message() in spi_async().
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

08 Aug 2024, 20:55

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: no desoptimizar el mensaje en spi_async() Llamar a spi_maybe_unoptimize_message() en spi_async() es incorrecto porque es probable que el mensaje esté en la cola y aún no se haya transferido. Esto puede dañar el mensaje mientras lo utiliza el controlador del controlador. spi_maybe_unoptimize_message() ya se llama en el lugar correcto en spi_finalize_current_message() para equilibrar la llamada a spi_maybe_optimize_message() en spi_async().
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3
References () https://git.kernel.org/stable/c/8b9af6d67517ce4a0015928b3cf35bfd2b1bc1c2 - () https://git.kernel.org/stable/c/8b9af6d67517ce4a0015928b3cf35bfd2b1bc1c2 - Patch
References () https://git.kernel.org/stable/c/c86a918b1bdba78fb155184f8d88dfba1e63335d - () https://git.kernel.org/stable/c/c86a918b1bdba78fb155184f8d88dfba1e63335d - Patch

07 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 16:15

Updated : 2024-08-08 20:55


NVD link : CVE-2024-42249

Mitre link : CVE-2024-42249

CVE.ORG link : CVE-2024-42249


JSON object : View

Products Affected

linux

  • linux_kernel