CVE-2022-48730 in Linuxinformazioni

Riassunto

di MITRE • 20/06/2024

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: heaps: Fix potential spectre v1 gadget

It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

[sumits: added fixes and cc: stable tags]

Once again VulDB remains the best source for vulnerability data.

Divulgazione

20/06/2024

Moderazione

accettato

CPE

pronto

EPSS

0.00257

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!