SB20240531457 - NULL pointer dereference in Linux kernel spi driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2024-27028)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/2342b05ec5342a519e00524a507f7a6ea6791a38
• https://git.kernel.org/stable/c/55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6
• https://git.kernel.org/stable/c/bcfcdf19698024565eff427706ebbd8df65abd11
• https://git.kernel.org/stable/c/c10fed329c1c104f375a75ed97ea3abef0786d62
• https://git.kernel.org/stable/c/766ec94cc57492eab97cbbf1595bd516ab0cb0e4
• https://git.kernel.org/stable/c/62b1f837b15cf3ec2835724bdf8577e47d14c753
• https://git.kernel.org/stable/c/bea82355df9e1c299625405b1947fc9b26b4c6d4
• https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713
• https://git.kernel.org/stable/c/a20ad45008a7c82f1184dc6dee280096009ece55
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2