CVE-2024-46853
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-46853: A vulnerability in the Linux kernel's SPI (Serial Peripheral Interface) driver for NXP's FSPI (Flexible Serial Interface) has been addressed. The issue caused an out-of-bounds write when data written to the TX FIFO was not 4-byte aligned. To exploit this bug, an attacker could write 3 bytes of data to the NOR chip. The vulnerability was detected by KASAN, a memory error detector, and resulted in a kernel panic, leading to memory corruption and potential system instability. The affected object belonged to the kmalloc-8 cache (object size 8), and the buggy address belonged to the physical page with index 0x0 and pfn 0x89037c.
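The alignment problem in the summary, shown as an added example: a simplified user-space model, not the kernel driver's code. The names `tx_fifo`, `fifo_fill`, `span_fixed_word_copy` and `three_byte_case_ok`, and the FIFO depth, are assumptions made for illustration. A copy loop that always moves a full 4-byte word reaches one byte past a 3-byte buffer, while the bounded version copies only the remaining tail bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIFO_WORDS 16                 /* assumed depth of the model FIFO */
struct tx_fifo {                      /* hypothetical 32-bit-wide FIFO */
    uint32_t slot[FIFO_WORDS];
    size_t used;
};
/* Bytes of the buffer reached by a loop that always moves 4 bytes per word.
 * For len = 3 the result is 4: one byte beyond the caller's buffer. */
size_t span_fixed_word_copy(size_t len)
{
    return (len + 3) / 4 * 4;
}

/* Bounded fill: whole words first, then only the 1..3 tail bytes, zero-padded
 * in a local word. Returns the slots used, or -1 if len exceeds the FIFO. */
int fifo_fill(struct tx_fifo *f, const uint8_t *buf, size_t len)
{
    size_t i;
    uint32_t w;
    if (len > sizeof(f->slot))
        return -1;
    f->used = 0;
    for (i = 0; i + 4 <= len; i += 4) {
        memcpy(&w, buf + i, 4);
        f->slot[f->used++] = w;
    }
    if (i < len) {
        w = 0;
        memcpy(&w, buf + i, len - i); /* never past buf + len */
        f->slot[f->used++] = w;
    }
    return (int)f->used;
}
/* Constructed 3-byte payload; returns 1 if one slot holds AA BB CC 00. */
int three_byte_case_ok(void)
{
    static const uint8_t payload[3] = { 0xAA, 0xBB, 0xCC };
    static const uint8_t want[4] = { 0xAA, 0xBB, 0xCC, 0x00 };
    struct tx_fifo f;
    return fifo_fill(&f, payload, sizeof(payload)) == 1 &&
           memcmp(&f.slot[0], want, sizeof(want)) == 0;
}

int main(void)
{
    return three_byte_case_ok() ? 0 : 1;   /* exit status 0 on success */
}
```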