Linux Kernel up to 5.15.133/6.1.55/6.5.5 sun6i information disclosure

Summaryinfo

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 5.15.133/6.1.55/6.5.5. The affected element is an unknown function of the component sun6i. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2023-52511. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.15.133/6.1.55/6.5.5 (Operating System). It has been rated as problematic. Affected by this issue is an unknown functionality of the component sun6i. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is down to single or even multiple bytes lost during DMA transfer from SPI peripheral to memory. It seems the RX FIFO within the SPI peripheral can become confused when performing bus read accesses wider than a single byte to it during an active SPI transfer. This patch reduces the width of individual DMA read accesses to the RX FIFO to a single byte to mitigate that issue.

The weakness was released 03/02/2024. The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2023-52511 since 02/20/2024. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading to version 5.15.134, 6.1.56, 6.5.6 or 6.6 eliminates this vulnerability. Applying the patch ff05ed4ae214/e15bb292b246/b3c21c9c7289/171f8a49f212 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.15.133
• 6.1.0
• 6.1.1
• 6.1.2
• 6.1.3
• 6.1.4
• 6.1.5
• 6.1.6
• 6.1.7
• 6.1.8
• 6.1.9
• 6.1.10
• 6.1.11
• 6.1.12
• 6.1.13
• 6.1.14
• 6.1.15
• 6.1.16
• 6.1.17
• 6.1.18
• 6.1.19
• 6.1.20
• 6.1.21
• 6.1.22
• 6.1.23
• 6.1.24
• 6.1.25
• 6.1.26
• 6.1.27
• 6.1.28
• 6.1.29
• 6.1.30
• 6.1.31
• 6.1.32
• 6.1.33
• 6.1.34
• 6.1.35
• 6.1.36
• 6.1.37
• 6.1.38
• 6.1.39
• 6.1.40
• 6.1.41
• 6.1.42
• 6.1.43
• 6.1.44
• 6.1.45
• 6.1.46
• 6.1.47
• 6.1.48
• 6.1.49
• 6.1.50
• 6.1.51
• 6.1.52
• 6.1.53
• 6.1.54
• 6.1.55
• 6.5.0
• 6.5.1
• 6.5.2
• 6.5.3
• 6.5.4
• 6.5.5

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion