CVE-2024-44931
Published: Aug 26, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 - < 18504710442671b02d00e6db9804a0ad26c5a479affected 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 - < 9ae2d8e75b741dbcb0da374753f972410e83b5f3affected 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 - < 9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0affected 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 - < c65ab97efcd438cb4e9f299400f2ea55251f3a67affected 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 - < 672c19165fc96dfad531a5458e0b3cdab414aae4+3 more versions |
Linux | Linux | affected 4.6unaffected 0 - < 4.6unaffected 4.19.323 - <= 4.19.*unaffected 5.4.285 - <= 5.4.*unaffected 5.10.227 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now