{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42279", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.261Z", "datePublished": "2024-08-17T09:08:46.829Z", "dateUpdated": "2025-05-04T09:25:48.623Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:25:48.623Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-microchip-core.c"], "versions": [{"version": "9ac8d17694b66d54b13e9718b25c14ca36dbebbd", "lessThan": "3feda3677e8bbe833c3a62a4091377a08f015b80", "status": "affected", "versionType": "git"}, {"version": "9ac8d17694b66d54b13e9718b25c14ca36dbebbd", "lessThan": "45e03d35229b680b79dfea1103a1f2f07d0b5d75", "status": "affected", "versionType": "git"}, {"version": "9ac8d17694b66d54b13e9718b25c14ca36dbebbd", "lessThan": "9cf71eb0faef4bff01df4264841b8465382d7927", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-microchip-core.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.10.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80"}, {"url": "https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75"}, {"url": "https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927"}], "title": "spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:42.802690Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:31.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:42.802690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.809Z"}}], "cna": {"title": "spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9ac8d17694b66d54b13e9718b25c14ca36dbebbd", "lessThan": "3feda3677e8bbe833c3a62a4091377a08f015b80", "versionType": "git"}, {"status": "affected", "version": "9ac8d17694b66d54b13e9718b25c14ca36dbebbd", "lessThan": "45e03d35229b680b79dfea1103a1f2f07d0b5d75", "versionType": "git"}, {"status": "affected", "version": "9ac8d17694b66d54b13e9718b25c14ca36dbebbd", "lessThan": "9cf71eb0faef4bff01df4264841b8465382d7927", "versionType": "git"}], "programFiles": ["drivers/spi/spi-microchip-core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/spi/spi-microchip-core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80"}, {"url": "https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75"}, {"url": "https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:25:48.623Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42279", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:25:48.623Z", "dateReserved": "2024-07-30T07:40:12.261Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:08:46.829Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE117457-3A46-40BF-AE08-482CBF310F21", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: microchip-core: aseg\u00farese de que los FIFO de TX y RX est\u00e9n vac\u00edos al inicio de una transferencia. Mientras se transmite con rx_len == 0, el FIFO de RX no se vaciar\u00e1 en la interrupci\u00f3n entrenador de animales. Una transferencia posterior podr\u00eda leer basura de la transferencia anterior desde el RX FIFO al b\u00fafer de inicio de RX. El n\u00facleo proporciona un registro que vaciar\u00e1 los FIFO RX y TX, as\u00ed que h\u00e1galo antes de cada transferencia."}], "id": "CVE-2024-42279", "lastModified": "2025-10-02T18:32:28.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T09:15:08.880", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer", "id": "2305424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305424"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", "status": "draft"}, "cwe": "CWE-388", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer."], "name": "CVE-2024-42279", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42279\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42279\nhttps://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-13T11:30:57.076976+00:00", "updated": "2025-07-13T11:30:57.077051+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}