CVE-2024-46774

powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.08%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d2834ff1d9641a8695a09ea79cd901c7b6d4d05f
https://git.kernel.org/stable/c/a262c2dc833f2fe1bd5c53a4d899e7077d3b1da9
https://git.kernel.org/stable/c/b137af795399d8b657bad1646c18561530f35ed1
https://git.kernel.org/stable/c/1f1feff02e9da0dd0cdb195c428c42b5f9b6c771
https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8 patch
https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7 patch

Frequently Asked Questions

What is the severity of CVE-2024-46774?
CVE-2024-46774 has been scored as a high severity vulnerability.
How to fix CVE-2024-46774?
To fix CVE-2024-46774, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46774 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46774 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46774?
CVE-2024-46774 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.