In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.
| Product | Vendor | Version |
|---|---|---|
| Linux | Linux | QCA6430 |
| Linux | Linux | QCA8081 |
| Linux | Linux | All versions < V2022.1.3 |
| Linux | Linux | as shipped in Red Hat Openshift 4 |