CVE-2026-31781
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/ioc32: stop speculation on the drm_compat_ioctl path
The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up by calling array_index_nospec() on the index to the function pointer list.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < 46a60ee8956ef1975f00455f614761c7ecedc09d | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < 5bb398991f378ef74d90b14a6ea8b61ff96cc03a | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < d59c5d8539662d95887b4564f3f72ad38076a2d5 | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < 489f2ef2b908898d01df697dc4fe1476674be640 | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < 4a41c2b18fc05d30b718d2602cac339eae710b34 | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < f0e441be08a2eab10b2d06fccfa267ee599dd6b3 | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < 27ef84bba9b9d7b03418c60fbc6069ea0e87b13c | affected |
| Linux | Linux | 505b5240329b922f21f91d5b5d1e535c805eca6d < f8995c2df519f382525ca4bc90553ad2ec611067 | affected |
| Linux | Linux | abc60edcfc87771ff244763d4d19c67766f5dd0f | affected |
| Linux | Linux | a2a840d6dcae960c2dfdf3fcb1b759e1b7d90663 | affected |
| Linux | Linux | 00279b505289f7529d9be2e78915d0483ffbd314 | affected |
| Linux | Linux | d04e6ea0cec9e7d6cba806508f657d2d0dc6cacf | affected |
| Linux | Linux | 7f3ebea19795eb38438cd3709fabf2afd53cf447 | affected |
| Linux | Linux | 3.16.63 < 3.17 | affected |
| Linux | Linux | 4.4.170 < 4.5 | affected |
| Linux | Linux | 4.9.148 < 4.10 | affected |
| Linux | Linux | 4.14.91 < 4.15 | affected |
| Linux | Linux | 4.19.13 < 4.20 | affected |
| Linux | Linux | 4.20 | affected |
| Linux | Linux | 0 < 4.20 | unaffected |
| Linux | Linux | 5.10.253 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.168 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.134 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.81 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.22 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.12 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/46a60ee8956ef1975f00455f614761c7ecedc09d
- https://git.kernel.org/stable/c/5bb398991f378ef74d90b14a6ea8b61ff96cc03a
- https://git.kernel.org/stable/c/d59c5d8539662d95887b4564f3f72ad38076a2d5
- https://git.kernel.org/stable/c/489f2ef2b908898d01df697dc4fe1476674be640
- https://git.kernel.org/stable/c/4a41c2b18fc05d30b718d2602cac339eae710b34
- https://git.kernel.org/stable/c/f0e441be08a2eab10b2d06fccfa267ee599dd6b3
- https://git.kernel.org/stable/c/27ef84bba9b9d7b03418c60fbc6069ea0e87b13c
- https://git.kernel.org/stable/c/f8995c2df519f382525ca4bc90553ad2ec611067
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.