5.5
CVE-2022-48730
- EPSS 0.26%
- Veröffentlicht 20.06.2024 12:15:11
- Zuletzt bearbeitet 06.01.2025 21:33:14
- CVE-Watchlists
- Unerledigt
dma-buf: heaps: Fix potential spectre v1 gadget
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. [sumits: added fixes and cc: stable tags]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.6 < 5.10.99
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.22
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.8
Linux ≫ Linux Kernel Version5.17 Updaterc1
Linux ≫ Linux Kernel Version5.17 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.168 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e
https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a
https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d
https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed