CVE-2022-49122

Summary

In the Linux kernel, the following vulnerability has been resolved:

dm ioctl: prevent potential spectre v1 gadget

It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 76c94651005f58885facf9c973007f5ea01ab01faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 58880025e3362024f6d8ea01cb0c7a5df6c84ba6affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7ae2c5b89da3cfaf856df880af27d3bb32a74b3daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0320bac5801b31407200227173205d017488f140affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 71c8df33fd777c7628f6fbc09b14e84806c55914affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 02cc46f397eb3691c56affbd5073e54f7a82ac32affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 44e6cb3ab177faae840bb2c1ebda9a2539876184affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < dd86064417de828ff2102ddc6049c829bf7585b4affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cd9c88da171a62c4b0f1c70e50c75845969fbc18affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.9.311 <= 4.9.*unaffected
LinuxLinux4.14.276 <= 4.14.*unaffected
LinuxLinux4.19.238 <= 4.19.*unaffected
LinuxLinux5.4.189 <= 5.4.*unaffected
LinuxLinux5.10.111 <= 5.10.*unaffected
LinuxLinux5.15.34 <= 5.15.*unaffected
LinuxLinux5.16.20 <= 5.16.*unaffected
LinuxLinux5.17.3 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

References