Resource Leak Affecting python3-perf package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-PYTHON3PERF-7333081
- published 8 Jul 2024
- disclosed 20 Jun 2024
Introduced: 20 Jun 2024
CVE-2022-48730 Open this link in a new tabHow to fix?
There is no fixed version for Centos:8 python3-perf.
NVD Description
Note: Versions mentioned in the description apply only to the upstream python3-perf package and not the python3-perf package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix potential spectre v1 gadget
It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.
[sumits: added fixes and cc: stable tags]
References
- https://access.redhat.com/security/cve/CVE-2022-48730
- https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e
- https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a
- https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d
- https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed