In the Linux kernel, the following vulnerability has been...
High severity
Unreviewed
Published
Jun 21, 2024
to the GitHub Advisory Database
•
Updated Jun 24, 2024
Description
Published by the National Vulnerability Database
Jun 21, 2024
Published to the GitHub Advisory Database
Jun 21, 2024
Last updated
Jun 24, 2024
In the Linux kernel, the following vulnerability has been resolved:
tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the
maximum transfer length and the size of the transfer buffer. As such, it
does not account for the 4 bytes of header that prepends the SPI data
frame. This can result in out-of-bounds accesses and was confirmed with
KASAN.
Introduce SPI_HDRSIZE to account for the header and use to allocate the
transfer buffer.
References