In the Linux kernel, the following vulnerability has been resolved:
protect the fetch of ->fd[fd] in do_dup2() from mispredictions
both callers have verified that fd is not greater than ->max_fds;
however, misprediction might end up with
tofree = fdt->fd[fd];
being speculatively executed. That's wrong for the same reasons
why it's wrong in close_fd()/file_close_fd_locked(); the same
solution applies - array_index_nospec(fd, fdt->max_fds) could differ
from fd only in case of speculative execution on mispredicted path.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-99 |
Tue, 24 Sep 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/o:redhat:enterprise_linux:8 | |
Vendors & Products |
Redhat
Redhat enterprise Linux |
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 19 Aug 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Mon, 19 Aug 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Sat, 17 Aug 2024 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path. | |
Title | protect the fetch of ->fd[fd] in do_dup2() from mispredictions | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-17T08:54:21.636Z
Updated: 2024-12-19T09:15:09.647Z
Reserved: 2024-07-30T07:40:12.259Z
Link: CVE-2024-42265
Vulnrichment
Updated: 2024-09-11T12:42:14.436Z
NVD
Status : Awaiting Analysis
Published: 2024-08-17T09:15:07.893
Modified: 2024-08-19T12:59:59.177
Link: CVE-2024-42265
Redhat