8748 – (CVE-2024-24862) fix null pointer dereference in pci1xxxx_spi_probe of spi driver

Bug 8748 (CVE-2024-24862) - fix null pointer dereference in pci1xxxx_spi_probe of spi driver

Summary: fix null pointer dereference in pci1xxxx_spi_probe of spi driver

Status:	NEW

Alias:	CVE-2024-24862

Product:	ANCK 6.6 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	6.6.7-1
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	Shiloong
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-04-12 10:46 UTC by Shiloong
Modified:	2024-04-29 09:36 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Shiloong admin

2024-04-12 10:46:07 UTC

on behalf of 刘怀远 <qq810974084@gmail.com>:
在pci1xxxx_spi_probe函数中，存在一处调用devm_kzalloc函数申请内存，申请时不保证成功，且并未对其返回指针进行检查。而在后文直接或间接对其进行了解引用，从而触发空指针解引用。

已经向upstream提交修复补丁：
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&id=1f886a7bfb3faf4c1021e73f045538008ce7634e