CVE-2024-42279

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42279
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42279.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42279
Downstream
Related
Published
2024-08-17T09:08:46Z
Modified
2025-10-22T01:06:55.702612Z
Summary
spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer

While transmitting with rx_len == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the previous transfer out of the RX FIFO into the start RX buffer. The core provides a register that will empty the RX and TX FIFOs, so do that before each transfer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ac8d17694b66d54b13e9718b25c14ca36dbebbd
Fixed
3feda3677e8bbe833c3a62a4091377a08f015b80
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ac8d17694b66d54b13e9718b25c14ca36dbebbd
Fixed
45e03d35229b680b79dfea1103a1f2f07d0b5d75
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ac8d17694b66d54b13e9718b25c14ca36dbebbd
Fixed
9cf71eb0faef4bff01df4264841b8465382d7927

Affected versions

v5.*

v5.19
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45e03d35229b680b79dfea1103a1f2f07d0b5d75",
        "id": "CVE-2024-42279-145a2b53",
        "signature_version": "v1",
        "target": {
            "function": "mchp_corespi_transfer_one",
            "file": "drivers/spi/spi-microchip-core.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "3796881681205280688975234769492803394",
            "length": 682.0
        }
    },
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9cf71eb0faef4bff01df4264841b8465382d7927",
        "id": "CVE-2024-42279-3ab4e662",
        "signature_version": "v1",
        "target": {
            "function": "mchp_corespi_transfer_one",
            "file": "drivers/spi/spi-microchip-core.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "3796881681205280688975234769492803394",
            "length": 682.0
        }
    },
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45e03d35229b680b79dfea1103a1f2f07d0b5d75",
        "id": "CVE-2024-42279-accffa74",
        "signature_version": "v1",
        "target": {
            "file": "drivers/spi/spi-microchip-core.c"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "57722032789339676395240469758218821737",
                "237390146636945599543940258558576012292",
                "160638258125066624630039937228019330206",
                "82935917437904656425383259101510640820",
                "112016826328585269979819743698829307049",
                "257442368456788240496364330544911128473"
            ]
        }
    },
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9cf71eb0faef4bff01df4264841b8465382d7927",
        "id": "CVE-2024-42279-d700fa17",
        "signature_version": "v1",
        "target": {
            "file": "drivers/spi/spi-microchip-core.c"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "57722032789339676395240469758218821737",
                "237390146636945599543940258558576012292",
                "160638258125066624630039937228019330206",
                "82935917437904656425383259101510640820",
                "112016826328585269979819743698829307049",
                "257442368456788240496364330544911128473"
            ]
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.6.44
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.3