Linux Kernel Vulnerability Affecting io_uring Implementation by Linux Foundation
CVE-2024-58000

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability in the Linux kernel's io_uring implementation allows for potential exploitation through speculative execution. By specifying an offset into a pre-mapped memory region, attackers could manipulate arguments passed during waiting loops, leading to unintended behavior. To mitigate this risk, the kernel uses the array_index_nospec() function to filter input correctly and prevent speculation exploits. Adjustments ensure that only safe, truncated regions of memory are referenced, thus enhancing the system's security posture.

Affected Version(s)

Linux aa00f67adc2c0d6439f81b5a81ff181377c47a7e < 2a6de94df7bfa76d9850443547e7b3333f63a16a

Linux aa00f67adc2c0d6439f81b5a81ff181377c47a7e < 29b95ac917927ce9f95bf38797e16333ecb489b1

Linux 6.13

References

https://git.kernel.org/stable/c/2a6de94df7bfa76d985044354...

https://git.kernel.org/stable/c/29b95ac917927ce9f95bf3879...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025