CVE-2024-36477

2024-06-2112:15:11

CWE-125

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

tpm

spi vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the
maximum transfer length and the size of the transfer buffer. As such, it
does not account for the 4 bytes of header that prepends the SPI data
frame. This can result in out-of-bounds accesses and was confirmed with
KASAN.

Introduce SPI_HDRSIZE to account for the header and use to allocate the
transfer buffer.

Affected configurations

Vulners

NVD

Node

linuxlinux_kernelRange6.6–6.6.33

linuxlinux_kernelRange6.7.0–6.9.4

linuxlinux_kernelRange6.10.0–6.10-rc2

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt6.6.0
linux:linux_kernellinux linux kernellt6.6.33
linux:linux_kernellinux linux kernellt6.9.4
linux:linux_kernellinux linux kerneleq6.10.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	6.6.0
linux:linux_kernel	linux linux kernel	lt	6.6.33
linux:linux_kernel	linux linux kernel	lt	6.9.4
linux:linux_kernel	linux linux kernel	eq	6.10.0

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/char/tpm/tpm_tis_spi_main.c"
    ],
    "versions": [
      {
        "version": "a86a42ac2bd6",
        "lessThan": "1547183852dc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a86a42ac2bd6",
        "lessThan": "de13c56f9947",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a86a42ac2bd6",
        "lessThan": "195aba96b854",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/char/tpm/tpm_tis_spi_main.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.4",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc2",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]