In the Linux kernel, the following vulnerability has been resolved:
xfrm/compat: prevent potential spectre v1 gadget in xfrmxlate32attr()
int type = nla_type(nla);
if (type > XFRMA_MAX) { return -EOPNOTSUPP; }
@type is then used as an array index and can be used as a Spectre v1 gadget.
if (nlalen(nla) < compatpolicy[type].len) {
arrayindexnospec() can be used to prevent leaking content of kernel memory to malicious users.
[
{
"id": "CVE-2023-52746-0247afe5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 841.0,
"function_hash": "177830980038401238729406818552368353854"
},
"target": {
"function": "xfrm_xlate32_attr",
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a893cc644812728e86e9aff517fd5698812ecef0",
"signature_type": "Function"
},
{
"id": "CVE-2023-52746-4abeddd9",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"313104042654193393861099371607150722789",
"33743211695447739967273459362559774139",
"102895761579399283926313797296547329962",
"186857174566692655457801168856658985418",
"278361818921176435325837038940267292163"
],
"threshold": 0.9
},
"target": {
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a893cc644812728e86e9aff517fd5698812ecef0",
"signature_type": "Line"
},
{
"id": "CVE-2023-52746-4c4bcba6",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"313104042654193393861099371607150722789",
"33743211695447739967273459362559774139",
"102895761579399283926313797296547329962",
"186857174566692655457801168856658985418",
"278361818921176435325837038940267292163"
],
"threshold": 0.9
},
"target": {
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@419674224390fca298020fc0751a20812f84b12d",
"signature_type": "Line"
},
{
"id": "CVE-2023-52746-54fc9d4e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"313104042654193393861099371607150722789",
"33743211695447739967273459362559774139",
"102895761579399283926313797296547329962",
"186857174566692655457801168856658985418",
"278361818921176435325837038940267292163"
],
"threshold": 0.9
},
"target": {
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5dc688fae6b7be9dbbf5304a3d2520d038e06db5",
"signature_type": "Line"
},
{
"id": "CVE-2023-52746-6089c9d5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 841.0,
"function_hash": "177830980038401238729406818552368353854"
},
"target": {
"function": "xfrm_xlate32_attr",
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@419674224390fca298020fc0751a20812f84b12d",
"signature_type": "Function"
},
{
"id": "CVE-2023-52746-c9e3d3ba",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 841.0,
"function_hash": "177830980038401238729406818552368353854"
},
"target": {
"function": "xfrm_xlate32_attr",
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6ee896385380aa621102e8ea402ba12db1cabff",
"signature_type": "Function"
},
{
"id": "CVE-2023-52746-cb3b27d1",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 841.0,
"function_hash": "177830980038401238729406818552368353854"
},
"target": {
"function": "xfrm_xlate32_attr",
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5dc688fae6b7be9dbbf5304a3d2520d038e06db5",
"signature_type": "Function"
},
{
"id": "CVE-2023-52746-eb7abe32",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"313104042654193393861099371607150722789",
"33743211695447739967273459362559774139",
"102895761579399283926313797296547329962",
"186857174566692655457801168856658985418",
"278361818921176435325837038940267292163"
],
"threshold": 0.9
},
"target": {
"file": "net/xfrm/xfrm_compat.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6ee896385380aa621102e8ea402ba12db1cabff",
"signature_type": "Line"
}
]