Description

In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN. Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer.

INFO

Published Date :

2024-06-21T11:18:46.822Z

Last Modified :

2025-05-04T09:11:06.625Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36477 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36477.

URL Resource
https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd cve-icon cve-icon
https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88 cve-icon cve-icon
https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024062150-CVE-2024-36477-7063@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36477 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36477 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact