Products
Linux Kernel
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Tags
CVE-2024-42265 details
Published : Aug. 17, 2024, 9:15 a.m.
Last Modified : Aug. 17, 2024, 9:15 a.m.
Last Modified : Aug. 17, 2024, 9:15 a.m.
Description
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://git.kernel.org/stable/c/1171ceccabfd596ca370c5d2cbb47d110c3f2fe1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| https://git.kernel.org/stable/c/5db999fff545b924b24c9afd368ef5c17279b176 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| https://git.kernel.org/stable/c/8aa37bde1a7b645816cda8b80df4753ecf172bf1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| https://git.kernel.org/stable/c/da72e783afd27d9f487836b2e6738146c0edd149 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
This website uses the NVD API, but is not approved or certified by it.