CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score
Confidence: High

EPSS
Percentile: 5.1%

In the Linux kernel, the following vulnerability has been resolved:

spi: fix null pointer dereference within spi_sync

If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message().

With function inlining disabled, the call stack might look like this:

    _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58
    complete_with_flags from spi_complete+0x8/0xc
    spi_complete from spi_finalize_current_message+0xec/0x184
    spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474
    spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230
    __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4
    __spi_transfer_message_noqueue from __spi_sync+0x204/0x248
    __spi_sync from spi_sync+0x24/0x3c
    spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd]
    mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154
    _regmap_raw_read from _regmap_bus_read+0x44/0x70
    _regmap_bus_read from _regmap_read+0x60/0xd8
    _regmap_read from regmap_read+0x3c/0x5c
    regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd]
    mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd]
    mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78
    irq_thread_fn from irq_thread+0x118/0x1f4
    irq_thread from kthread+0xd8/0xf4
    kthread from ret_from_fork+0x14/0x28

Fix this by also setting message->complete to NULL when the transfer is complete.

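
The following is an added example, not code from the kernel or from this advisory: a simplified user-space C model of the stale-callback pattern described above, with and without the fix. All type and function names are hypothetical, and it assumes (based on the call stack shown) that the second, direct transfer path does not re-arm the callback.

```c
/* Simplified user-space model of the stale-callback pattern; not kernel code.
 * Every name below (struct msg, sync_queued, sync_noqueue, ...) is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct done { int fired; };            /* stands in for a struct completion */
struct msg {
    void (*complete)(void *ctx);       /* completion callback */
    void *context;                     /* argument handed to the callback */
};
static int null_ctx_calls;             /* callback runs that received NULL */

/* The real callback would dereference ctx; the model counts the NULL case. */
static void on_complete(void *ctx)
{
    if (!ctx) { null_ctx_calls++; return; }
    ((struct done *)ctx)->fired++;
}

/* Finalize step: invokes the callback whenever one is set. */
static void finalize(struct msg *m) { if (m->complete) m->complete(m->context); }

/* Queued path: arms callback and context, completes, then tears down. */
static void sync_queued(struct msg *m, bool fixed)
{
    struct done d = { 0 };
    m->complete = on_complete;
    m->context = &d;
    finalize(m);                       /* models the queue worker finishing */
    if (fixed)
        m->complete = NULL;            /* the fix: clear the callback as well */
    m->context = NULL;                 /* d goes out of scope on return */
}

/* Direct path (assumption): transfers inline without re-arming the callback. */
static void sync_noqueue(struct msg *m) { finalize(m); }

/* Reuses one message on both paths; returns the NULL-context callback count. */
static int reuse_message(bool fixed)
{
    struct msg m = { 0 };
    null_ctx_calls = 0;
    sync_queued(&m, fixed);
    sync_noqueue(&m);
    return null_ctx_calls;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", reuse_message(false), reuse_message(true));
    return 0;
}
```

In the model, a non-zero count marks the point where the real callback would dereference a NULL context.
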
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < any | UNKNOWN |
git.kernel.org/linus/4756fa529b2f12b7cb8f21fe229b0f6f47190829 (6.9-rc7)
git.kernel.org/stable/c/2070d008cc08bff50a58f0f4d30f12d3ebf94c00
git.kernel.org/stable/c/4756fa529b2f12b7cb8f21fe229b0f6f47190829
git.kernel.org/stable/c/a30659f1576d2c8e62e7426232bb18b885fd951a
git.kernel.org/stable/c/e005d6754e3e440257006795b687c4ad8733b493
launchpad.net/bugs/cve/CVE-2024-36930
nvd.nist.gov/vuln/detail/CVE-2024-36930
security-tracker.debian.org/tracker/CVE-2024-36930
www.cve.org/CVERecord?id=CVE-2024-36930