CVE-2024-27028

MEDIUM

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupt handler may end up writing to the invalid memory and cause crashes. Add a check to trans->tx_buf before using it.

References (11)

[Patch] https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713

[Patch] https://git.kernel.org/stable/c/2342b05ec5342a519e00524a507f7a6ea6791a38

[Patch] https://git.kernel.org/stable/c/55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6

[Patch] https://git.kernel.org/stable/c/62b1f837b15cf3ec2835724bdf8577e47d14c753

[Patch] https://git.kernel.org/stable/c/766ec94cc57492eab97cbbf1595bd516ab0cb0e4

[Patch] https://git.kernel.org/stable/c/a20ad45008a7c82f1184dc6dee280096009ece55

[Patch] https://git.kernel.org/stable/c/bcfcdf19698024565eff427706ebbd8df65abd11

[Patch] https://git.kernel.org/stable/c/bea82355df9e1c299625405b1947fc9b26b4c6d4

[Patch] https://git.kernel.org/stable/c/c10fed329c1c104f375a75ed97ea3abef0786d62

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Scores

CVSS v3 6.5

EPSS 0.0018

EPSS Percentile 39.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-476

Status published

Affected Products (10)

linux/linux_kernel < 4.19.311

debian/debian_linux

linux/Kernel < 4.19.311linux

linux/Kernel < 5.4.273linux

linux/Kernel < 5.10.214linux

linux/Kernel < 5.15.153linux

linux/Kernel < 6.1.83linux

linux/Kernel < 6.6.23linux

linux/Kernel < 6.7.11linux

linux/Kernel < 6.8.2linux

Timeline

Published May 01, 2024

Tracked Since Feb 18, 2026