CVE-2022-48730
- Source
- https://cve.org/CVERecord?id=CVE-2022-48730
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48730.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48730
- Downstream
- Related
- Published
- 2024-06-20T11:13:18.750Z
- Modified
- 2026-03-13T05:59:29.559096Z
- Summary
- dma-buf: heaps: Fix potential spectre v1 gadget
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix potential spectre v1 gadget
It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using arrayindexnospec.
[sumits: added fixes and cc: stable tags]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48730.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e
- https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a
- https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d
- https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48730.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-48730
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc02a81fba74fe3488ad6b08bfb5a1329005418f8Fixed5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3aFixed24f8e12d965b24f8aea762589e0e9fe2025c005eFixedcc8f7940d9c2d45f67b3d1a2f2b7a829ca561bedFixed92c4cfaee6872038563c5b6f2e8e613f9d84d47d