References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1 up to (excluding) 6.14.2

kernel.org: https://git.kernel.org/stable/c/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc Types: Patch

kernel.org: https://git.kernel.org/stable/c/7f2c746e09a3746bf937bc708129dc8af61d8f19 Types: Patch

In the Linux kernel, the following vulnerability has been resolved:

objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the
entire amd_spi_freq array without breaking out early, causing 'i' to go
beyond the array bounds.

Fix that by stopping the loop when it gets to the last entry, so the low
speed_hz value gets clamped up to AMD_SPI_MIN_HZ.

Fixes the following warning with an UBSAN kernel:

  drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()

https://git.kernel.org/stable/c/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc

https://git.kernel.org/stable/c/7f2c746e09a3746bf937bc708129dc8af61d8f19