Hi all, CVE-2021-47469 is supposed to be fixed by commit 6098475d4cb4 "spi: Fix deadlock when adding SPI controllers on SPI buses" but I think this assignment should be rejected. The commit fixes a deadlock during addition of an SPI device. Since SPI does not support auto-discovery, I think that adding such a device requires CAP_SYS_ADMIN privilege (but I'm not certain). Since it is intended that a user with CAP_SYS_ADMIN can deny service through the reboot system call, I don't think additional ways to do this are security flaws. Ben. -- Ben Hutchings Any smoothly functioning technology is indistinguishable from a rigged demo.
Attachment:
signature.asc
Description: This is a digitally signed message part
