Bug 2313122 (CVE-2024-46774)

Summary: CVE-2024-46774 kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dfreiber, drow, harr.ybajwaa7, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2313229    
Bug Blocks:    

Description OSIDB Bzimport 2024-09-18 08:22:32 UTC 
In the Linux kernel, the following vulnerability has been resolved:

powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

Smatch warns:

  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
  spectre issue 'args.args' [r] (local cap)

The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.

Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.
Comment 1 Michal Findra 2024-09-18 11:13:56 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T
Comment 3 harryy 2026-02-04 04:01:37 UTC 
Honestly impressed from the very first glance. The way this team explains their work shows real pride and experience in professional masonry services. While browsing https://www.fairfieldmasonrypros.com you can clearly feel the focus on quality, detail, and customer satisfaction. Everything is laid out simply, making it easy to trust their process and skills. Great work overall—this is the kind of craftsmanship people look for.