As warned by smatch: drivers/media/dvb-core/dvb_ca_en50221.c:1392 dvb_ca_en50221_io_do_ioctl() warn: potential spectre issue 'ca->slot_info' [r] (local cap) There's a potential of using a CAM ioctl for speculation. The risk here is minimum, as only a small subset of DVB boards have CI, with a CAM module installed. Also, exploiting it would require an user capable of starting a DVB application. There are probably a lot of easier ways to try to exploit. Yet, it doesn't harm addressing it. Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx> --- drivers/media/dvb-core/dvb_ca_en50221.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c b/drivers/media/dvb-core/dvb_ca_en50221.c index b7e4a3371176..15a08d8c69ef 100644 --- a/drivers/media/dvb-core/dvb_ca_en50221.c +++ b/drivers/media/dvb-core/dvb_ca_en50221.c @@ -1386,6 +1386,7 @@ static int dvb_ca_en50221_io_do_ioctl(struct file *file, err = -EINVAL; goto out_unlock; } + slot = array_index_nospec(slot, ca->slot_count); info->type = CA_CI_LINK; info->flags = 0; -- 2.31.1
