CVE-2024-26807 Information

Description

In the Linux kernel the following vulnerability has been resolved:

spi: cadence-qspi: fix pointer reference in runtime PM hooks

dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI controller. Neither embed the other; this lead to memory corruption.

On a given platform (Mobileye EyeQ5) the memory corruption is hidden inside cqspi->f_pdata. Also this uninitialised memory is used as a mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().

Reference

https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61 https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03 https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc