CVE-2023-52511

spi: sun6i: reduce DMA RX transfer width to single byte

Description

In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is down to single or even multiple bytes lost during DMA transfer from SPI peripheral to memory. It seems the RX FIFO within the SPI peripheral can become confused when performing bus read accesses wider than a single byte to it during an active SPI transfer. This patch reduces the width of individual DMA read accesses to the RX FIFO to a single byte to mitigate that issue.

5.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ff05ed4ae214011464a0156f05cac1b0b46b5fbc patch
https://git.kernel.org/stable/c/e15bb292b24630ee832bfc7fd616bd72c7682bbb patch
https://git.kernel.org/stable/c/b3c21c9c7289692f4019f163c3b06d8bdf78b355 patch
https://git.kernel.org/stable/c/171f8a49f212e87a8b04087568e1b3d132e36a18 patch

Frequently Asked Questions

What is the severity of CVE-2023-52511?
CVE-2023-52511 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52511?
To fix CVE-2023-52511, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52511 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52511 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52511?
CVE-2023-52511 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.