Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2024-36477

In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN. Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer.

Related bugs and status

CVE-2024-36477 (Candidate) is related to these bugs:

Bug #2073449: [Debian] High CVE: CVE-2024-26934/CVE-2024-26933/.../CVE-2024-0841/CVE-2023-46838 kernel : multiple CVEs

Summary				In	Importance	Status
	2073449	[Debian] High CVE: CVE-2024-26934/CVE-2024-26933/.../CVE-2024-0841/CVE-2023-46838 kernel : multiple CVEs		StarlingX	Undecided	New

See the

CVE page on Mitre.org for more details.

References

MISC: https://git.kernel.org...
MISC: https://git.kernel.org...
MISC: https://git.kernel.org...