CVE-2024-58000

Feb. 27, 2025, 2:15 a.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the [offset, offset + sizeof(io_uring_reg_wait)) will be intepreted as the argument. As we address a kernel array using a user given index, it'd be a subject to speculation type of exploits. Use array_index_nospec() to prevent that. Make sure to pass not the full region size but truncate by the maximum offset allowed considering the structure size.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/29b95ac917927ce9f95bf38797e16333ecb489b1
https://git.kernel.org/stable/c/2a6de94df7bfa76d9850443547e7b3333f63a16a

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-02-27
CVE-2024-58000

Timeline

Published: Feb. 27, 2025, 2:15 a.m.
Last Modified: Feb. 27, 2025, 2:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.