PT-2024-32189 · Linux+6 · Linux Kernel+6
Breno Leitao · Published 2024-06-28 · Updated 2026-05-26
CVE-2024-46774
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue concerns preventing Spectre v1 gadget construction in the sys_rtas() function. The 'nargs' and 'nret' locals come directly from a user-supplied buffer and, after being bounds-checked, are used as indexes into a small stack-based array and as inputs to copy_to_user(). To address this, array_index_nospec() is applied after the bounds checks to clamp these values under speculative execution. The Smatch tool warns of a potential Spectre issue with 'args.args'.
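The clamp-after-check pattern described above, as an added user-space model (not the kernel's code and not part of the original advisory). The mask arithmetic follows the kernel's generic array_index_nospec(); the 16-slot array size and the names index_nospec() and check_counts() are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>

#define NSLOTS 16UL /* assumed array size for this model, not taken from the page */

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Relies on arithmetic right shift of a negative long (true for gcc/clang)
 * and on index and size both being <= LONG_MAX. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >>
                           (sizeof(long) * CHAR_BIT - 1));
}

/* Clamp: in-range indexes pass through unchanged, everything else becomes 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Hypothetical validator for user-supplied counts. The branch is the
 * architectural check; the masks are a data dependency that still holds
 * if the CPU speculates past a mispredicted branch.
 * Returns 0 and writes the clamped values, or -1 on rejection. */
static int check_counts(unsigned long nargs, unsigned long nret,
                        unsigned long *out_nargs, unsigned long *out_nret)
{
    if (nargs >= NSLOTS || nret > NSLOTS || nargs + nret > NSLOTS)
        return -1;
    *out_nargs = index_nospec(nargs, NSLOTS);
    /* nret is a count in [0, NSLOTS - nargs], so the bound is one past it. */
    *out_nret = index_nospec(nret, NSLOTS - *out_nargs + 1UL);
    return 0;
}

int main(void)
{
    unsigned long a = 0, r = 0;
    int rc = check_counts(4, 12, &a, &r);
    printf("valid: rc=%d nargs=%lu nret=%lu\n", rc, a, r);
    printf("rejected: rc=%d\n", check_counts(16, 0, &a, &r));
    printf("out-of-range index 200 clamps to %lu\n", index_nospec(200, NSLOTS));
    return 0;
}
```

This shows the arithmetic only: the kernel macro also hides the index from the optimizer so the compiler cannot turn the mask back into a branch, which a plain user-space build does not guarantee.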
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu