On Sun, Mar 02, 2025 at 07:03:30PM +0100, Ben Hutchings wrote: > Hi all, > > CVE-2021-47469 is supposed to be fixed by commit 6098475d4cb4 "spi: Fix > deadlock when adding SPI controllers on SPI buses" but I think this > assignment should be rejected. > > The commit fixes a deadlock during addition of an SPI device. Since SPI > does not support auto-discovery, I think that adding such a device > requires CAP_SYS_ADMIN privilege (but I'm not certain). > > Since it is intended that a user with CAP_SYS_ADMIN can deny service > through the reboot system call, I don't think additional ways to do this > are security flaws. Now rejected, thanks. greg k-h
Re: CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
- From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 3 Mar 2025 09:15:44 +0100
- Cc: Mark Brown <broonie@xxxxxxxxxx>, cve@xxxxxxxxxx, linux-spi@xxxxxxxxxxxxxxx
- In-reply-to: <ee5f2de4a84c04df92644ea720b88497528004dc.camel@decadent.org.uk>
- References: <ee5f2de4a84c04df92644ea720b88497528004dc.camel@decadent.org.uk>
- References:
- CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
- From: Ben Hutchings
- CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
- Prev by Date: CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
- Next by Date: [PATCH v2] spi: microchip-core: prevent RX overflows when transmit size > FIFO size
- Previous by thread: CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
- Next by thread: Re: CVE-2021-47469: spi: Fix deadlock when adding SPI controllers on SPI buses
- Index(es):
 |