CVE-2022-49173

In the Linux kernel, the following vulnerability has been resolved:

spi: fsi: Implement a timeout for polling status

The data transfer routines must poll the status register to
determine when more data can be shifted in or out. If the hardware
gets into a bad state, these polling loops may never exit. Prevent
this by returning an error if a timeout is exceeded.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
linuxlinux_kernel
5.7 ≤
𝑥
< 5.16.19
linuxlinux_kernel
5.17 ≤
𝑥
< 5.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/89b35e3f28514087d3f1e28e8f5634fbfd07c554
https://git.kernel.org/stable/c/d4982ceb137e6ecd2b466a6de639790a148cf19a
https://git.kernel.org/stable/c/dac1438f347d3b8cf892105c94e254f29c5764de