In the Linux kernel, the following vulnerability has been resolved:
media: mgb4: protect driver against spectre
Frequency range is set from sysfs via frequencyrangestore(), being vulnerable to spectre, as reported by smatch:
drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r]
drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half. 'reg_set'
Fix it.
[ { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2aee207e5b3c94ef859316008119ea06d6798d49", "signature_version": "v1", "target": { "function": "mgb4_cmt_set_vin_freq_range", "file": "drivers/media/pci/mgb4/mgb4_cmt.c" }, "digest": { "function_hash": "134900063882853776442621902970014553628", "length": 650.0 }, "id": "CVE-2024-53062-7a6ff03e" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2aee207e5b3c94ef859316008119ea06d6798d49", "signature_version": "v1", "target": { "file": "drivers/media/pci/mgb4/mgb4_cmt.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "290496518710039502290048918625545953788", "227853303263991122480735521919583704425", "1793377885334421757149342793669646884" ] }, "id": "CVE-2024-53062-acc255cb" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0bc90742bbd6eb9c63e6c22f8f6e10be7b1e225", "signature_version": "v1", "target": { "function": "mgb4_cmt_set_vin_freq_range", "file": "drivers/media/pci/mgb4/mgb4_cmt.c" }, "digest": { "function_hash": "134900063882853776442621902970014553628", "length": 650.0 }, "id": "CVE-2024-53062-b5e1f981" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0bc90742bbd6eb9c63e6c22f8f6e10be7b1e225", "signature_version": "v1", "target": { "file": "drivers/media/pci/mgb4/mgb4_cmt.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "290496518710039502290048918625545953788", "227853303263991122480735521919583704425", "1793377885334421757149342793669646884" ] }, "id": "CVE-2024-53062-c7ff9bef" } ]