Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the [offset, offset + sizeof(io_uring_reg_wait)) will be intepreted as the argument. As we address a kernel array using a user given index, it'd be a subject to speculation type of exploits. Use array_index_nospec() to prevent that. Make sure to pass not the full region size but truncate by the maximum offset allowed considering the structure size.

INFO

Published Date :

2025-02-27T02:07:19.155Z

Last Modified :

2025-05-04T10:08:06.384Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-58000 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-58000.

URL Resource
https://git.kernel.org/stable/c/29b95ac917927ce9f95bf38797e16333ecb489b1 cve-icon cve-icon
https://git.kernel.org/stable/c/2a6de94df7bfa76d9850443547e7b3333f63a16a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022642-CVE-2024-58000-4f74@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-58000 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-58000 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact