Linux Kernel Spectre Vulnerability Mitigation in DRM Compatibility IOCTL Handling

Vulnerability

A vulnerability related to speculative execution has been addressed in the Linux kernel's DRM compatibility IOCTL handling. The issue arose because a user-controlled pointer was dereferenced into a table of function pointers, creating a potential Spectre v1 vulnerability. This has been fixed by adding a non-speculative array index calculation before accessing the function pointer list. The vulnerability affects the Linux kernel through version 6.4.0.
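The fix pattern described above, as an added userspace example that is not the kernel's DRM code: a dispatch through a function pointer table with only a bounds-check branch, beside the same dispatch with a branch-free index clamp modelled on the kernel's generic `array_index_mask_nospec()`. The table, the handlers and all function names here are hypothetical stand-ins.

```c
#include <stdio.h>

typedef long (*compat_handler_t)(unsigned long arg);

/* Constructed handlers and table: stand-ins, not the kernel's DRM table. */
static long handler_a(unsigned long arg) { return 100 + (long)arg; }
static long handler_b(unsigned long arg) { return 200 + (long)arg; }
static const compat_handler_t compat_table[] = { handler_a, handler_b };
#define TABLE_SIZE (sizeof(compat_table) / sizeof(compat_table[0]))

/* Branch-free mask: all ones when index < size, zero otherwise.
 * Relies on arithmetic right shift of a negative long (GCC and Clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * 8 - 1));
}

/* Clamp an untrusted index: in-range values pass, anything else becomes 0. */
unsigned long clamp_index(unsigned long nr)
{
    return nr & index_mask_nospec(nr, TABLE_SIZE);
}

/* Before: the bounds check is only a branch. If the CPU mispredicts it,
 * the table load below can run speculatively with an out-of-range nr. */
long dispatch_unhardened(unsigned long nr, unsigned long arg)
{
    if (nr >= TABLE_SIZE)
        return -1;
    return compat_table[nr](arg);
}

/* After: the index is clamped through a data dependency before the load,
 * so even a mispredicted branch indexes inside the table (slot 0). */
long dispatch_hardened(unsigned long nr, unsigned long arg)
{
    if (nr >= TABLE_SIZE)
        return -1;
    nr = clamp_index(nr);
    return compat_table[nr](arg);
}

int main(void)
{
    printf("nr=1 -> %ld, nr=7 -> %ld, clamp(7) -> %lu\n",
           dispatch_hardened(1, 5), dispatch_hardened(7, 5), clamp_index(7));
    return 0;
}
```

Both functions return the same results architecturally; the difference is only in what a mispredicted branch can load. In kernel code, use the `array_index_nospec()` helper from `<linux/nospec.h>` rather than a hand-written mask.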

Impact

Exploitation of this vulnerability could lead to a Spectre v1 type issue, where an attacker could potentially read sensitive information across memory boundaries.

Reproduction

The vulnerability can be reproduced by invoking the DRM compatibility IOCTLs with a user-controlled pointer that can be manipulated to access arbitrary locations in the function pointer table. This can be done by crafting specific IOCTL commands that exploit the lack of proper bounds checking on the indices used to access the function pointers.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: May 1, 2026, 4:10 PM
Updated: May 1, 2026, 4:10 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.