In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 6.1.12-1 | linux_6.1.12-1_all.deb |
Debian | 11 | all | linux | < 5.10.178-1 | linux_5.10.178-1_all.deb |
Debian | 10 | all | linux | < 4.19.249-2 | linux_4.19.249-2_all.deb |
Debian | 999 | all | linux | < 6.1.12-1 | linux_6.1.12-1_all.deb |
Debian | 13 | all | linux | < 6.1.12-1 | linux_6.1.12-1_all.deb |