Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-36477
HistoryJun 21, 2024 - 11:18 a.m.

CVE-2024-36477 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

2024-06-2111:18:46
Linux
www.cve.org
1
linux kernel
vulnerability
tpm_tis_spi
spi header
tpm
buffer
out-of-bounds
kasan
transfer mechanism

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the
maximum transfer length and the size of the transfer buffer. As such, it
does not account for the 4 bytes of header that prepends the SPI data
frame. This can result in out-of-bounds accesses and was confirmed with
KASAN.

Introduce SPI_HDRSIZE to account for the header and use to allocate the
transfer buffer.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/char/tpm/tpm_tis_spi_main.c"
    ],
    "versions": [
      {
        "version": "a86a42ac2bd6",
        "lessThan": "1547183852dc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a86a42ac2bd6",
        "lessThan": "de13c56f9947",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a86a42ac2bd6",
        "lessThan": "195aba96b854",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/char/tpm/tpm_tis_spi_main.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.4",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc2",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

debiancve 1
ubuntucve 1
redhatcve 1
nvd 1
vulnrichment 1
cve 1
debiancve
debiancve
CVE-2024-36477
2024-06-21 12:15:11
ubuntucve
ubuntucve
CVE-2024-36477
2024-06-25 00:00:00
redhatcve
redhatcve
CVE-2024-36477
2024-06-21 13:52:36
nvd
nvd
CVE-2024-36477
2024-06-21 12:15:11
vulnrichment
vulnrichment
CVE-2024-36477 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
2024-06-21 11:18:46
cve
cve
CVE-2024-36477
2024-06-21 12:15:11

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2024-36477
debiancve1ubuntucve1redhatcve1nvd1vulnrichment1cve1