Expert IT security firm: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2025-40014

Description

In the Linux kernel, the following vulnerability has been resolved:

objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds.

Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ.

Fixes the following warning with an UBSAN kernel:

drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()
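The loop pattern described above, as a simplified user-space model added here for illustration; it is not the kernel's code. The table values, `MIN_HZ` and the function names are constructed, and the unbounded variant only returns the index so that nothing is actually read out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed frequency table, sorted from fastest to slowest.
 * Values and names are illustrative, not taken from spi-amd.c. */
static const unsigned int freq_table[] = {
    100000000, 66660000, 33330000, 16660000, 800000
};
#define N_FREQ (sizeof(freq_table) / sizeof(freq_table[0]))
#define MIN_HZ 800000u /* slowest supported rate, last table entry */

/* Pattern before the fix: if speed_hz is below every entry the loop never
 * breaks and i ends at N_FREQ, one past the last valid index. */
static size_t pick_index_unbounded(unsigned int speed_hz)
{
    size_t i;
    for (i = 0; i < N_FREQ; i++)
        if (speed_hz >= freq_table[i])
            break;
    return i; /* may equal N_FREQ: using it as an index reads past the array */
}

/* Pattern after the fix: stop at the last entry, so a too-low request is
 * clamped up to the slowest supported rate. */
static size_t pick_index_clamped(unsigned int speed_hz)
{
    size_t i;
    for (i = 0; i < N_FREQ - 1; i++)
        if (speed_hz >= freq_table[i])
            break;
    return i; /* always in [0, N_FREQ - 1] */
}

/* Rate that would be programmed, or 0 if the index is invalid. */
static unsigned int rate_for(size_t idx)
{
    return idx < N_FREQ ? freq_table[idx] : 0;
}

int main(void)
{
    unsigned int req[] = { 50000000, 800000, 100000 }; /* last is < MIN_HZ */
    for (size_t k = 0; k < sizeof(req) / sizeof(req[0]); k++)
        printf("req=%u unbounded=%zu clamped=%zu rate=%u\n", req[k],
               pick_index_unbounded(req[k]), pick_index_clamped(req[k]),
               rate_for(pick_index_clamped(req[k])));
    return 0;
}
```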

POC

Reference

No PoCs from references.

Github

- https://github.com/siderolabs/talos-vex