References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

x86/fred: Correct speculative safety in fred_extint()

array_index_nospec() is no use if the result gets spilled to the stack, as
it makes the believed safe-under-speculation value subject to memory
predictions.

For all practical purposes, this means array_index_nospec() must be used in
the expression that accesses the array.

As the code currently stands, it's the wrong side of irqentry_enter(), and
'index' is put into %ebp across the function call.

Remove the index variable and reposition array_index_nospec(), so it's
calculated immediately before the array access.

https://git.kernel.org/stable/c/3bc5887b0a2b06d2d9c22f1f4f8500490b3ae643

https://git.kernel.org/stable/c/92caa5274b99cb6729177232a029ce0dfa6c5f7b

https://git.kernel.org/stable/c/aa280a08e7d8fae58557acc345b36b3dc329d595

https://git.kernel.org/stable/c/e58f1a9b0677de24dcfee0b21393446ec92ff120