In the Linux kernel, the following vulnerability has been resolved:

spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain

Previously the transfer complete IRQ immediately drained to RX FIFO to
read any data remaining in FIFO to the RX buffer. This behaviour is
correct when dealing with SPI in interrupt mode. However in DMA mode the
transfer complete interrupt still fires as soon as all bytes to be
transferred have been stored in the FIFO. At that point data in the FIFO
still needs to be picked up by the DMA engine. Thus the drain procedure
and DMA engine end up racing to read from RX FIFO, corrupting any data
read. Additionally the RX buffer pointer is never adjusted according to
DMA progress in DMA mode, thus calling the RX FIFO drain procedure in DMA
mode is a bug.
Fix corruptions in DMA RX mode by draining RX FIFO only in interrupt mode.
Also wait for completion of RX DMA when in DMA mode before returning to
ensure all data has been copied to the supplied memory buffer.

Linux https://git.kernel.org/stable/c/1f11f4202caf5710204d334fe63392052783876d [No types assigned]

Linux https://git.kernel.org/stable/c/36b29974a7ad2ff604c24ad348f940506c7b1209 [No types assigned]

Linux https://git.kernel.org/stable/c/4e149d524678431638ff378ef6025e4e89b71097 [No types assigned]

Linux https://git.kernel.org/stable/c/bd1ec7f9983b5cd3c77e0f7cda3fa8aed041af2f [No types assigned]