{
  "schema_version": "1.4.0",
  "id": "GHSA-3wh6-h4gj-wjr7",
  "modified": "2025-04-30T15:30:44Z",
  "published": "2024-05-21T15:31:41Z",
  "aliases": [
    "CVE-2021-47282"
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm2835: Fix out-of-bounds access with more than 4 slaves\n\nCommit 571e31fa60b3 (\"spi: bcm2835: Cache CS register value for\n->prepare_message()\") limited the number of slaves to 3 at compile-time.\nThe limitation was necessitated by a statically-sized array prepare_cs[]\nin the driver private data which contains a per-slave register value.\n\nThe commit sought to enforce the limitation at run-time by setting the\ncontroller's num_chipselect to 3: Slaves with a higher chipselect are\nrejected by spi_add_device().\n\nHowever the commit neglected that num_chipselect only limits the number\nof *native* chipselects. If GPIO chipselects are specified in the\ndevice tree for more than 3 slaves, num_chipselect is silently raised by\nof_spi_get_gpio_numbers() and the result are out-of-bounds accesses to\nthe statically-sized array prepare_cs[].\n\nAs a bandaid fix which is backportable to stable, raise the number of\nallowed slaves to 24 (which \"ought to be enough for anybody\"), enforce\nthe limitation on slave ->setup and revert num_chipselect to 3 (which is\nthe number of native chipselects supported by the controller).\nAn upcoming for-next commit will allow an arbitrary number of slaves.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47282"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01415ff85a24308059e06ca3e97fd7bf75648690"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13817d466eb8713a1ffd254f537402f091d48444"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82a8ffba54d31e97582051cb56ba1f988018681e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5502580cf958b094f3b69dfe4eece90eae01fbc"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:16Z"
  }
}