cve/published/2024/CVE-2024-56771.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information\n\nThese four chips:\n* W25N512GW\n* W25N01GW\n* W25N01JW\n* W25N02JW\nall require a single bit of ECC strength and thus feature an on-die\nHamming-like ECC engine. There is no point in filling a ->get_status()\ncallback for them because the main ECC status bytes are located in\nstandard places, and retrieving the number of bitflips in case of\ncorrected chunk is both useless and unsupported (if there are bitflips,\nthen there is 1 at most, so no need to query the chip for that).\n\nWithout this change, a kernel warning triggers every time a bit flips."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/mtd/nand/spi/winbond.c"
                ],
                "versions": [
                   {
                      "version": "6a804fb72de56d6a99b799f565ae45f2cec7cd55",
                      "lessThan": "234d5f75c3ae911b52c5e4442b8a87fbbd129836",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "6a804fb72de56d6a99b799f565ae45f2cec7cd55",
                      "lessThan": "fee9b240916df82a8b07aef0fdfe96785417a164",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/mtd/nand/spi/winbond.c"
                ],
                "versions": [
                   {
                      "version": "6.7",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.7",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.4",
                      "lessThanOrEqual": "6.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.13",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.7",
                            "versionEndExcluding": "6.12.4"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.7",
                            "versionEndExcluding": "6.13"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/234d5f75c3ae911b52c5e4442b8a87fbbd129836"
             },
             {
                "url": "https://git.kernel.org/stable/c/fee9b240916df82a8b07aef0fdfe96785417a164"
             }
          ],
          "title": "mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-56771",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information\n\nThese four chips:\n* W25N512GW\n* W25N01GW\n* W25N01JW\n* W25N02JW\nall require a single bit of ECC strength and thus feature an on-die\nHamming-like ECC engine. There is no point in filling a ->get_status()\ncallback for them because the main ECC status bytes are located in\nstandard places, and retrieving the number of bitflips in case of\ncorrected chunk is both useless and unsupported (if there are bitflips,\nthen there is 1 at most, so no need to query the chip for that).\n\nWithout this change, a kernel warning triggers every time a bit flips."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/mtd/nand/spi/winbond.c"
	],
	"versions": [
	{
	"version": "6a804fb72de56d6a99b799f565ae45f2cec7cd55",
	"lessThan": "234d5f75c3ae911b52c5e4442b8a87fbbd129836",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "6a804fb72de56d6a99b799f565ae45f2cec7cd55",
	"lessThan": "fee9b240916df82a8b07aef0fdfe96785417a164",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/mtd/nand/spi/winbond.c"
	],
	"versions": [
	{
	"version": "6.7",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.7",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12.4",
	"lessThanOrEqual": "6.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.13",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.7",
	"versionEndExcluding": "6.12.4"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.7",
	"versionEndExcluding": "6.13"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/234d5f75c3ae911b52c5e4442b8a87fbbd129836"
	},
	{
	"url": "https://git.kernel.org/stable/c/fee9b240916df82a8b07aef0fdfe96785417a164"
	}
	],
	"title": "mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-56771",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}