CVE-2024-58000

Published: Feb 27, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the [offset, offset + sizeof(io_uring_reg_wait)) will be intepreted as the argument. As we address a kernel array using a user given index, it'd be a subject to speculation type of exploits. Use array_index_nospec() to prevent that. Make sure to pass not the full region size but truncate by the maximum offset allowed considering the structure size.

Vendor	Product	Versions
Linux	Linux	affected `aa00f67adc2c0d6439f81b5a81ff181377c47a7e - < 2a6de94df7bfa76d9850443547e7b3333f63a16a` affected `aa00f67adc2c0d6439f81b5a81ff181377c47a7e - < 29b95ac917927ce9f95bf38797e16333ecb489b1`
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.13.2 - <= 6.13.` unaffected `6.14 - <= `

References

https://git.kernel.org/stable/c/2a6de94df7bfa76d9850443547e7b3333f63a16a

https://git.kernel.org/stable/c/29b95ac917927ce9f95bf38797e16333ecb489b1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-58000

Description

Affected Products

References