CVE-2024-42279

spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer

Description

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rx_len == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the previous transfer out of the RX FIFO into the start RX buffer. The core provides a register that will empty the RX and TX FIFOs, so do that before each transfer.

N/A

CVSS

Severity:

EPSS 0.08%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80
https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75
https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927

Frequently Asked Questions

What is the severity of CVE-2024-42279?: CVE-2024-42279 has not yet been assigned a CVSS score.
How to fix CVE-2024-42279?: To fix CVE-2024-42279, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42279 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-42279 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42279?: CVE-2024-42279 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.