摘要:
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix potential spectre v1 gadget
It appears like nr could be a Spectre v1 gadget as it's supplied by a
user and used as an array index. Prevent the contents
of kernel memory from being leaked to userspace via speculative
execution by using array_index_nospec.
[sumits: added fixes and cc: stable tags]
安全等级: Low
公告ID: KylinSec-SA-2024-3189
发布日期: 2024年7月17日
关联CVE: CVE-2022-48730
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix potential spectre v1 gadget
It appears like nr could be a Spectre v1 gadget as it's supplied by a
user and used as an array index. Prevent the contents
of kernel memory from being leaked to userspace via speculative
execution by using array_index_nospec.
[sumits: added fixes and cc: stable tags]
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-48730 | KY3.4-5A | kernel | Unaffected |
| CVE-2022-48730 | KY3.5.2 | kernel | Unaffected |
| CVE-2022-48730 | V6 | kernel | Unaffected |
