admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-268xx/CVE-2024-26807.json

33 lines
3.0 KiB
JSON
Raw Normal View History

Auto-Update: 2024-04-04T10:00:29.544033+00:00
2024-04-04 10:03:21 +00:00
{
"id": "CVE-2024-26807",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:09.380",
Auto-Update: 2024-06-20T12:00:18.799054+00:00
2024-06-20 12:03:13 +00:00
"lastModified": "2024-06-20T10:15:09.303",
Auto-Update: 2024-04-04T14:00:41.061851+00:00
2024-04-04 14:03:31 +00:00
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
Auto-Update: 2024-04-04T10:00:29.544033+00:00
2024-04-04 10:03:21 +00:00
"descriptions": [
{
"lang": "en",
Auto-Update: 2024-06-20T12:00:18.799054+00:00
2024-06-20 12:03:13 +00:00
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBoth cadence-quadspi ->runtime_suspend() and ->runtime_resume()\nimplementations start with:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nThis obviously cannot be correct, unless \"struct cqspi_st\" is the\nfirst member of \" struct spi_controller\", or the other way around, but\nit is not the case. \"struct spi_controller\" is allocated by\ndevm_spi_alloc_host(), which allocates an extra amount of memory for\nprivate data, used to store \"struct cqspi_st\".\n\nThe ->probe() function of the cadence-quadspi driver then sets the\ndevice drvdata to store the address of the \"struct cqspi_st\"\nstructure. Therefore:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\nis correct, but:\n\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nis not, as it makes \"host\" point not to a \"struct spi_controller\" but\nto the same \"struct cqspi_st\" structure as above.\n\nThis obviously leads to bad things (memory corruption, kernel crashes)\ndirectly during ->probe(), as ->probe() enables the device using PM\nruntime, leading the ->runtime_resume() hook being called, which in\nturns calls spi_controller_resume() with the wrong pointer.\n\nThis has at least been reported [0] to cause a kernel crash, but the\nexact behavior will depend on the memory contents.\n\n[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/\n\nThis issue potentially affects all platforms that are currently using\nthe cadence-quadspi driver."
Auto-Update: 2024-04-04T12:00:33.656105+00:00
2024-04-04 12:03:25 +00:00
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cadence-qspi: corrige la referencia del puntero en los ganchos PM en tiempo de ejecuci\u00f3n dev_get_drvdata() se utiliza para adquirir el puntero a cqspi y el controlador SPI. Ninguno de los dos integra al otro; Esto conduce a la corrupci\u00f3n de la memoria. En una plataforma determinada (Mobileye EyeQ5), la corrupci\u00f3n de la memoria est\u00e1 oculta dentro de cqspi->f_pdata. Adem\u00e1s, esta memoria no inicializada se utiliza como mutex (ctlr->bus_lock_mutex) por spi_controller_suspend()."
Auto-Update: 2024-04-04T10:00:29.544033+00:00
2024-04-04 10:03:21 +00:00
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue Copy Permalink