CVE-2024-42249

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42249
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42249.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42249
Published
2024-08-07T15:14:33Z
Modified
2025-10-22T00:37:41.498759Z
Summary
spi: don't unoptimize message in spi_async()
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: don't unoptimize message in spi_async()

Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message is likely to be in the queue and not transferred yet. This can corrupt the message while it is being used by the controller driver.

spi_maybe_unoptimize_message() is already called in the correct place in spi_finalize_current_message() to balance the call to spi_maybe_optimize_message() in spi_async().

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7b1d87af14d9ae902ed0c5dc5fabf4eea5abdf02
Fixed
8b9af6d67517ce4a0015928b3cf35bfd2b1bc1c2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7b1d87af14d9ae902ed0c5dc5fabf4eea5abdf02
Fixed
c86a918b1bdba78fb155184f8d88dfba1e63335d

Affected versions

v6.*

v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.8
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8
v6.9.9

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-42249-4c41e6d1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 394.0,
            "function_hash": "265520935731728006032864444895424595280"
        },
        "target": {
            "function": "spi_async",
            "file": "drivers/spi/spi.c"
        },
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c86a918b1bdba78fb155184f8d88dfba1e63335d"
    },
    {
        "id": "CVE-2024-42249-ac753eb6",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "314656452349252299613091660030388371433",
                "227575191296494404779035847898894555475",
                "72085148647549988607888178124472288574",
                "145561540205187642669278986438652395164"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/spi/spi.c"
        },
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c86a918b1bdba78fb155184f8d88dfba1e63335d"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.10