PT-2025-8787 · Linux+1 · Linux Kernel+1

Published: 2024-12-23 · Updated: 2025-02-28 · CVE-2024-58000

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

A vulnerability in the io_uring component of the Linux kernel has been resolved. The issue allowed reg-wait speculation, which could be exploited by passing a user pointer with arguments for the waiting loop. To address this, the kernel now uses array_index_nospec() to prevent speculation-type exploits when accessing a kernel array using a user-given index. The fix also passes the maximum allowed offset, which accounts for the structure size, as the bound instead of the full region size.
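The mitigation pattern described above, as an added userspace example (not the kernel's code): a bounds check followed by a branchless clamp whose bound is derived from the maximum allowed offset rather than the region size. `struct wait_args`, `reg_wait_offset()`, `clamp_nospec()` and the 4096-byte region are hypothetical names and constructed values.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the wait-argument structure (32 bytes). */
struct wait_args { uint64_t ts_sec, ts_nsec, sigmask, flags; };

/* All-ones if index < size, else 0, computed without a branch so a
 * mispredicted bounds check cannot skip it. Same arithmetic idea as the
 * kernel's generic mask helper; relies on arithmetic right shift of a
 * negative long (true for GCC and Clang) and size <= LONG_MAX. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Userspace model of array_index_nospec(): index if in [0, size), else 0. */
static unsigned long clamp_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Validate a user-supplied byte offset into a region of region_size bytes.
 * Returns the offset to use, or -1 if it is rejected. */
static long reg_wait_offset(unsigned long offset, unsigned long region_size)
{
    unsigned long size = sizeof(struct wait_args);

    if (region_size < size || offset % sizeof(long))
        return -1;
    if (offset > region_size - size)        /* architectural bounds check */
        return -1;
    /* Clamp against the largest valid start offset, not region_size, so a
     * speculated access can never cover bytes past the end of the region.
     * The "+ 1" (exclusive bound) is this example's choice. */
    return (long)clamp_nospec(offset, region_size - size + 1);
}

int main(void)
{
    unsigned long region = 4096, bad = 4090;   /* constructed values */

    printf("valid 4064    -> %ld\n", reg_wait_offset(4064, region));
    printf("rejected 4072 -> %ld\n", reg_wait_offset(4072, region));
    printf("mask, full region bound: %lu\n", clamp_nospec(bad, region));
    printf("mask, max-offset bound:  %lu\n", clamp_nospec(bad, region - 32 + 1));
    return 0;
}
```

With the full region size as the bound, offset 4090 survives the mask even though a 32-byte structure starting there would extend past byte 4096; with the max-offset bound it is forced to 0.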
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2026-03993
CVE-2024-58000

Affected Products

Astra Linux
Linux Kernel