mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.1 KiB
1.1 KiB
CVE-2024-46774
Description
In the Linux kernel, the following vulnerability has been resolved:powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap)The 'nargs' and 'nret' locals come directly from a user-suppliedbuffer and are used as indexes into a small stack-based array and asinputs to copy_to_user() after they are subject to bounds checks.Use array_index_nospec() after the bounds checks to clamp these valuesfor speculative execution.
POC
Reference
No PoCs from references.