CVE-2024-36477

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36477
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36477.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36477
Downstream
Related
Published
2024-06-21T11:18:46Z
Modified
2025-10-15T11:15:56.522876Z
Summary
tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
Details

In the Linux kernel, the following vulnerability has been resolved:

tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN.

Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a86a42ac2bd652fdc7836a9d880c306a2485c142
Fixed
1547183852dcdfcc25878db7dd3620509217b0cd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a86a42ac2bd652fdc7836a9d880c306a2485c142
Fixed
de13c56f99477b56980c7e00b09c776d16b7563d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a86a42ac2bd652fdc7836a9d880c306a2485c142
Fixed
195aba96b854dd664768f382cd1db375d8181f88

Affected versions

v6.*

v6.10-rc1
v6.5
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-36477-1447ca56",
            "signature_type": "Function",
            "target": {
                "file": "drivers/char/tpm/tpm_tis_spi_main.c",
                "function": "tpm_tis_spi_init"
            },
            "deprecated": false,
            "digest": {
                "length": 318.0,
                "function_hash": "220933473261322044700943416955425283143"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@195aba96b854dd664768f382cd1db375d8181f88"
        },
        {
            "id": "CVE-2024-36477-21b2f424",
            "signature_type": "Line",
            "target": {
                "file": "drivers/char/tpm/tpm_tis_spi_main.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "304891534277604434140242216637059061041",
                    "328807179214235931069747996560486041250",
                    "303048821586252621921094070754318184916",
                    "54847683879777235648285916483205900166",
                    "8486304622638708833850397314320149208",
                    "286842942307511034504575319901199229458",
                    "289854978400905421372636299054209421703"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@195aba96b854dd664768f382cd1db375d8181f88"
        },
        {
            "id": "CVE-2024-36477-96bd072c",
            "signature_type": "Line",
            "target": {
                "file": "drivers/char/tpm/tpm_tis_spi_main.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "304891534277604434140242216637059061041",
                    "328807179214235931069747996560486041250",
                    "303048821586252621921094070754318184916",
                    "54847683879777235648285916483205900166",
                    "8486304622638708833850397314320149208",
                    "286842942307511034504575319901199229458",
                    "289854978400905421372636299054209421703"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de13c56f99477b56980c7e00b09c776d16b7563d"
        },
        {
            "id": "CVE-2024-36477-c360765e",
            "signature_type": "Function",
            "target": {
                "file": "drivers/char/tpm/tpm_tis_spi_main.c",
                "function": "tpm_tis_spi_init"
            },
            "deprecated": false,
            "digest": {
                "length": 318.0,
                "function_hash": "220933473261322044700943416955425283143"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de13c56f99477b56980c7e00b09c776d16b7563d"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.33
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.4