Linux · Linux Kernel · CVE-2024-44931
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue allows userspace to trigger a speculative read of an address outside the GPIO descriptor array by calling `gpio_ioctl()` with an out-of-range offset. The offset is copied from userspace and then used, without sanitization, as an array index to fetch the GPIO descriptor in `gpio_device_get_desc()`. The fix sanitizes the offset with `array_index_nospec()` to mitigate any possibility of speculative information leaks.
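The sanitization pattern described above, as an added userspace model in C (not the kernel patch or kernel source): a bounds check followed by a branch-free index clamp in the style of `array_index_nospec()`. The names `desc_model`, `NGPIO`, `index_mask_nospec`, `index_nospec`, `get_desc_unsanitized` and `get_desc_sanitized` are hypothetical, and the array contents are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define NGPIO 4UL /* constructed array size */

struct desc_model { int id; };               /* hypothetical stand-in for a GPIO descriptor */
static struct desc_model descs[NGPIO] = { {10}, {11}, {12}, {13} };

/* All-ones when index < size, zero otherwise, computed without a branch
 * so a mispredicted bounds check cannot bypass it (assumes size <= LONG_MAX
 * and arithmetic right shift of signed values, as on GCC/Clang). */
unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    __asm__ volatile("" : "+r"(index));      /* keep the compiler from folding the mask away */
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Clamp: in-range indexes pass through, out-of-range ones become 0. */
unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Before: only an architectural bounds check guards the array access. */
struct desc_model *get_desc_unsanitized(unsigned int offset)
{
    if (offset >= NGPIO)
        return NULL;
    return &descs[offset];
}

/* After: the index is also masked, so a speculated access stays in the array. */
struct desc_model *get_desc_sanitized(unsigned int offset)
{
    if (offset >= NGPIO)
        return NULL;
    return &descs[index_nospec(offset, NGPIO)];
}

int main(void)
{
    printf("%lu %lu %lu\n", index_nospec(3, NGPIO), index_nospec(4, NGPIO),
           index_nospec(0xffffffffUL, NGPIO));
    return get_desc_sanitized(3)->id == 13 ? 0 : 1;
}
```

Both lookups return the same results architecturally; the difference is that the masked index remains inside the array even on a speculated path past the bounds check.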
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.