CVE-2024-46774

2024-09-1808:15:05

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-46774

powerpc

rtas

unix

security

AI Score

Confidence

High

EPSS

Percentile

9.6%

JSON

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue ‘args.args’ [r] (local cap) The ‘nargs’ and ‘nret’ locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux<= 6.1.106-3linux_6.1.106-3_all.deb
Debian11alllinux<= 5.10.223-1linux_5.10.223-1_all.deb
Debian999alllinux<= 6.10.9-1linux_6.10.9-1_all.deb
Debian13alllinux<= 6.10.9-1linux_6.10.9-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	<= 6.1.106-3	linux_6.1.106-3_all.deb
Debian	11	all	linux	<= 5.10.223-1	linux_5.10.223-1_all.deb
Debian	999	all	linux	<= 6.10.9-1	linux_6.10.9-1_all.deb
Debian	13	all	linux	<= 6.10.9-1	linux_6.10.9-1_all.deb