Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2021-47282

Disclosure Date: May 21, 2024 •

CVE-2021-47282

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: bcm2835: Fix out-of-bounds access with more than 4 slaves

Commit 571e31fa60b3 (“spi: bcm2835: Cache CS register value for
–>prepare_message()”) limited the number of slaves to 3 at compile-time.
The limitation was necessitated by a statically-sized array prepare_cs[]
in the driver private data which contains a per-slave register value.

The commit sought to enforce the limitation at run-time by setting the
controller’s num_chipselect to 3: Slaves with a higher chipselect are
rejected by spi_add_device().

However the commit neglected that num_chipselect only limits the number
of native chipselects. If GPIO chipselects are specified in the
device tree for more than 3 slaves, num_chipselect is silently raised by
of_spi_get_gpio_numbers() and the result are out-of-bounds accesses to
the statically-sized array prepare_cs[].

As a bandaid fix which is backportable to stable, raise the number of
allowed slaves to 24 (which “ought to be enough for anybody”), enforce
the limitation on slave –>setup and revert num_chipselect to 3 (which is
the number of native chipselects supported by the controller).
An upcoming for-next commit will allow an arbitrary number of slaves.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2021-47282 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47282)

Miscellaneous

https://git.kernel.org/stable/c/b5502580cf958b094f3b69dfe4eece90eae01fbc

https://git.kernel.org/stable/c/82a8ffba54d31e97582051cb56ba1f988018681e

https://git.kernel.org/stable/c/01415ff85a24308059e06ca3e97fd7bf75648690

https://git.kernel.org/stable/c/13817d466eb8713a1ffd254f537402f091d48444

Rapid7

Unknown

CVE-2021-47282

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2021-47282

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-47282

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2021-47282

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification