发布于3月6日3月6日 超级管理员 Red Hat: CVE-2024-39499: kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver() (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:C/I:N/A:N) Published 07/12/2024 Created 09/26/2024 Added 09/25/2024 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Only compile tested, no access to HW. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-39499 RHSA-2024:11313 RHSA-2024:7000 RHSA-2024:7001 RHSA-2024:9315
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。