References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()

An early error exit in atmel_qspi_remove() doesn't prevent the device
unbind. So this results in an spi controller with an unbound parent
and unmapped register space (because devm_ioremap_resource() is undone).
So using the remaining spi controller probably results in an oops.

Instead unregister the controller unconditionally and only skip hardware
access and clk disable.

Also add a warning about resume failing and return zero unconditionally.
The latter has the only effect to suppress a less helpful error message by
the spi core.

https://git.kernel.org/stable/c/618770d4d8e40b7f8ed9eb5f210cd9164dfac47d

https://git.kernel.org/stable/c/77806d7c9bebe40a8cdce2b8d30fbe6511745df8

https://git.kernel.org/stable/c/9448bc1dee65f86c0fe64d9dea8b410af0586886

https://git.kernel.org/stable/c/f6974fb20499e3b6522daa7aec822aac11dfcf42