2025-12-24 13:06:29
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() op-cs is copied in fun->mchip_number which is used to access the mchip_offsets and the rnb_gpio arrays. These arrays have NAND_MAX_CHIPS elements, so the index must be below this limit. Fix the sanity check in order to avoid the NAND_MAX_CHIPS value. This would lead to out-of-bound accesses.