Linux Kernel Microchip QSPI SPI Driver Transmission Vulnerability During Emulated Read-Only Dual/Quad Operations

Vulnerability

A vulnerability in the Linux kernel's SPI microchip-core-QSPI driver has been addressed. The driver mishandled emulated read-only dual and quad operations: it transmitted unnecessary data, which interfered with the transfer. Unlike standard SPI, QSPI lacks a dedicated master-out line, so this transmission caused the transfer to fail. The problem was exacerbated by the core losing track of the data transmission state. The vulnerability affected the Linux kernel stable tree.

Impact

The incorrect data transmission during dual and quad operations could disrupt QSPI data transfers, potentially causing data loss or corruption.

Reproduction

The vulnerability can be reproduced by using the Microchip QSPI SPI driver in a Linux kernel environment. Emulate read-only dual or quad operations, which will trigger the driver to transmit garbage data. This improper handling will likely 'brick' the transfer, disrupting normal QSPI operations.

Remediation

Users can update to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.
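
To decide whether the update matters for a given system, check whether the driver is part of that kernel at all. The script below is an added example, not part of this advisory or of the kernel project; the Kconfig symbol CONFIG_SPI_MICROCHIP_CORE_QSPI and the module name spi-microchip-core-qspi are taken from the upstream kernel tree rather than from this page.

```shell
#!/bin/sh
# Added example: exposure check for the Microchip CoreQSPI SPI driver.
# Assumed from the upstream kernel tree, not from this page:
#   Kconfig symbol CONFIG_SPI_MICROCHIP_CORE_QSPI, module spi-microchip-core-qspi.
SYMBOL=CONFIG_SPI_MICROCHIP_CORE_QSPI
MODULE=spi_microchip_core_qspi   # name as it appears in /proc/modules

# Print a kernel config on stdout, decompressing *.gz files.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Classify how the driver is built in a given config: builtin, module, or absent.
# "# CONFIG_... is not set" lines and similarly named symbols do not match.
driver_build_state() {
    state=$(read_config "$1" | sed -n "s/^${SYMBOL}=\([ym]\)\$/\1/p" | tail -n 1)
    case "$state" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo absent ;;
    esac
}

# Return 0 if the module is listed in a /proc/modules-style file.
module_loaded() {
    grep -q "^${MODULE} " "$1"
}

# Report for the running system, using whichever kernel config is readable.
report() {
    for cfg in /proc/config.gz "/boot/config-$(uname -r)"; do
        [ -r "$cfg" ] || continue
        echo "$(uname -r): driver $(driver_build_state "$cfg") (from $cfg)"
        break
    done
    if [ -r /proc/modules ] && module_loaded /proc/modules; then
        echo "$MODULE is currently loaded"
    fi
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with --report on the target. A result of absent means the affected driver is not in that kernel build; builtin or module means the fix status depends on the stable release in use, which this page does not specify.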

Added: May 28, 2026, 11:51 AM
Updated: May 28, 2026, 11:51 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.