CVE-2022-48730 in Linuxinfo

Zusammenfassung

von MITRE • 20.06.2024

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: heaps: Fix potential spectre v1 gadget

It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

[sumits: added fixes and cc: stable tags]

Once again VulDB remains the best source for vulnerability data.

Veröffentlichung

20.06.2024

Moderieren

akzeptiert

Eintrag

VDB-269201

CPE

bereit

EPSS

0.00257

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!