CVE-2024-53062

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: mgb4: protect driver against spectre

Frequency range is set from sysfs via frequency_range_store(), being vulnerable to spectre, as reported by smatch:

drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r]
drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half.  'reg_set'

Fix it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0ab13674a9bd10514486cf1670d71dbd8afec421 < e0bc90742bbd6eb9c63e6c22f8f6e10be7b1e225affected
LinuxLinux0ab13674a9bd10514486cf1670d71dbd8afec421 < 2aee207e5b3c94ef859316008119ea06d6798d49affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References