In the Linux kernel, the following vulnerability has been...
Unreviewed
Published
Apr 4, 2024
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Apr 4, 2024
Published to the GitHub Advisory Database
Apr 4, 2024
Last updated
Apr 4, 2024
In the Linux kernel, the following vulnerability has been resolved:
spi: cadence-qspi: fix pointer reference in runtime PM hooks
dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI
controller. Neither embed the other; this lead to memory corruption.
On a given platform (Mobileye EyeQ5) the memory corruption is hidden
inside cqspi->f_pdata. Also, this uninitialised memory is used as a
mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().
References