{"timestamp":"2024-09-10T15:41:14.519332Z","id":"CVE-2024-35883","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/spi/spi-pci1xxxx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1cc0cbea7167af524a7f7b2d0d2f19f7a324e807","lessThan":"4b31a226097cf8cc3c9de5e855d97757fdb2bf06","versionType":"git","status":"affected"},{"version":"1cc0cbea7167af524a7f7b2d0d2f19f7a324e807","lessThan":"95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d","versionType":"git","status":"affected"},{"version":"1cc0cbea7167af524a7f7b2d0d2f19f7a324e807","lessThan":"1f886a7bfb3faf4c1021e73f045538008ce7634e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/spi/spi-pci1xxxx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.26","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.8.5","lessThanOrEqual":"6.8.*","versionType":"semver","status":"unaffected"},{"version":"6.9","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST CWE-476

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.26
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.5
     *cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e No Types Assigned

https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e Patch

https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e No Types Assigned

https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e Patch

https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06 No Types Assigned

https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06 Patch

https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06 No Types Assigned

https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06 Patch

https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d No Types Assigned

https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d Patch

https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d No Types Assigned

https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d Patch

https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e

https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06

https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d

In the Linux kernel, the following vulnerability has been resolved:

spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe

In function pci1xxxx_spi_probe, there is a potential null pointer that
may be caused by a failed memory allocation by the function devm_kzalloc.
Hence, a null pointer check needs to be added to prevent null pointer
dereferencing later in the code.

To fix this issue, spi_bus->spi_int[iter] should be checked. The memory
allocated by devm_kzalloc will be automatically released, so just directly
return -ENOMEM without worrying about memory leaks.

kernel.org https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e [No types assigned]

kernel.org https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06 [No types assigned]

kernel.org https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d [No types assigned]