In the Linux kernel, the following vulnerability has been resolved:
xfrm/compat: prevent potential spectre v1 gadget in xfrmxlate32attr()
int type = nla_type(nla);
if (type > XFRMA_MAX) { return -EOPNOTSUPP; }
@type is then used as an array index and can be used as a Spectre v1 gadget.
if (nlalen(nla) < compatpolicy[type].len) {
arrayindexnospec() can be used to prevent leaking content of kernel memory to malicious users.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "target": { "file": "net/xfrm/xfrm_compat.c", "function": "xfrm_xlate32_attr" }, "id": "CVE-2023-52746-0247afe5", "digest": { "length": 841.0, "function_hash": "177830980038401238729406818552368353854" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a893cc644812728e86e9aff517fd5698812ecef0" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "net/xfrm/xfrm_compat.c" }, "id": "CVE-2023-52746-4abeddd9", "digest": { "line_hashes": [ "313104042654193393861099371607150722789", "33743211695447739967273459362559774139", "102895761579399283926313797296547329962", "186857174566692655457801168856658985418", "278361818921176435325837038940267292163" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a893cc644812728e86e9aff517fd5698812ecef0" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "net/xfrm/xfrm_compat.c" }, "id": "CVE-2023-52746-4c4bcba6", "digest": { "line_hashes": [ "313104042654193393861099371607150722789", "33743211695447739967273459362559774139", "102895761579399283926313797296547329962", "186857174566692655457801168856658985418", "278361818921176435325837038940267292163" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@419674224390fca298020fc0751a20812f84b12d" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "net/xfrm/xfrm_compat.c" }, "id": "CVE-2023-52746-54fc9d4e", "digest": { "line_hashes": [ "313104042654193393861099371607150722789", "33743211695447739967273459362559774139", "102895761579399283926313797296547329962", "186857174566692655457801168856658985418", "278361818921176435325837038940267292163" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5dc688fae6b7be9dbbf5304a3d2520d038e06db5" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "net/xfrm/xfrm_compat.c", "function": "xfrm_xlate32_attr" }, "id": "CVE-2023-52746-6089c9d5", "digest": { "length": 841.0, "function_hash": "177830980038401238729406818552368353854" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@419674224390fca298020fc0751a20812f84b12d" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "net/xfrm/xfrm_compat.c", "function": "xfrm_xlate32_attr" }, "id": "CVE-2023-52746-c9e3d3ba", "digest": { "length": 841.0, "function_hash": "177830980038401238729406818552368353854" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6ee896385380aa621102e8ea402ba12db1cabff" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "net/xfrm/xfrm_compat.c", "function": "xfrm_xlate32_attr" }, "id": "CVE-2023-52746-cb3b27d1", "digest": { "length": 841.0, "function_hash": "177830980038401238729406818552368353854" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5dc688fae6b7be9dbbf5304a3d2520d038e06db5" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "net/xfrm/xfrm_compat.c" }, "id": "CVE-2023-52746-eb7abe32", "digest": { "line_hashes": [ "313104042654193393861099371607150722789", "33743211695447739967273459362559774139", "102895761579399283926313797296547329962", "186857174566692655457801168856658985418", "278361818921176435325837038940267292163" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6ee896385380aa621102e8ea402ba12db1cabff" } ] }