Linux Kernel TI ADC161S626 DMA-Safe Memory Vulnerability in SPI Read

A vulnerability in the Linux kernel's handling of SPI communication for the TI ADC161S626 analog-to-digital converter has been addressed. The issue was that the driver used stack memory for SPI reads, which is not safe for Direct Memory Access (DMA) operations. This vulnerability affected the IIO ADC driver for the TI ADC161S626, which is used for Texas Instruments' 1-channel differential ADCs. The vulnerability has been resolved by modifying the driver to use a DMA-safe buffer for SPI reads, ensuring that all SPI buffers are compatible with DMA requirements.

Impact

The vulnerability could lead to improper handling of SPI data, potentially causing issues in applications that rely on accurate ADC readings from the TI ADC161S626.

Reproduction

The vulnerability can be reproduced by using the TI ADC161S626 with the Linux kernel version prior to the patch. The ADC driver will incorrectly use stack memory for SPI communications, which can lead to data mismanagement during the reading process.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit that addresses this issue is available in the Linux stable tree.