Metrics
Affected Vendors & Products
Fri, 08 Nov 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 25 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-125 |
Thu, 17 Oct 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 30 Sep 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 05 Sep 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 27 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Mon, 26 Aug 2024 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. | |
Title | gpio: prevent potential speculation leaks in gpio_device_get_desc() | |
References |
|
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-26T10:11:21.425Z
Updated: 2024-12-19T09:18:22.705Z
Reserved: 2024-08-21T05:34:56.663Z
Link: CVE-2024-44931
Updated: 2024-09-11T12:42:12.337Z
Status : Modified
Published: 2024-08-26T11:15:05.447
Modified: 2024-11-08T16:15:22.593
Link: CVE-2024-44931