CVE-2021-4441

spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()

In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),
which could lead to a NULL pointer dereference on failure of
kzalloc().

Fix this bug by adding a check of tmpbuf.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,
and our static analyzer no longer warns about this code.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-08-22 CVE Published
2024-09-12 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/67dca5e580f1e93a66177389981541cac208c817	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/df14d2bed8e2455878e046e67123d9ecb2e79056	2022-03-02
https://git.kernel.org/stable/c/2efece1368aeee2d2552c7ec36aeb676c4d4c95f	2022-03-02
https://git.kernel.org/stable/c/3c32405d6474a21f7d742828e73c13e326dcae82	2022-03-02
https://git.kernel.org/stable/c/b9dd08cbebe0c593c49bf86d2012a431494e54cb	2022-03-02
https://git.kernel.org/stable/c/ab3824427b848da10e9fe2727f035bbeecae6ff4	2022-02-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.4.182 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.4.182"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.10.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.10.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.15.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.15.26"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.16.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.16.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.17"		en		Affected