VDB

CVE-2016-10764

CVE-2016-10764 PUBLISHED

In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.

EPSS 0.80% · 74.4th percentile

Risk Scores

EPSS Score
0.80%
74.4th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSlinux-riscv0, 5.13.0-1004.4, 5.13.0-1007.7+22.04.1
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:20.04:LTSlinux-azure-fde*, 5.4.0-1063.66+cvm3.2, 5.4.0-1064.67+cvm1.1
Ubuntu:20.04:LTSlinux-gke5.4.0-1086.93, 5.4.0-1102.109, 5.4.0-1105.112
Ubuntu:16.04:LTSlinux-hwe4.8.0-53.56~16.04.1, 0, 4.8.0-39.42~16.04.1
Ubuntu:20.04:LTSlinux-raspi25.3.0-1015.17, 5.3.0-1007.8, 0
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:22.04:LTSlinux-realtime5.15.0-1032.35, 0
Ubuntu:20.04:LTSlinux-riscv5.4.0-28.32, 5.4.0-31.35, 5.4.0-30.34

Exploit Intelligence

Timeline

  • Jul 27, 2019 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 16, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›