Description
In the Linux kernel, the following vulnerability has been resolved:

x86/fred: Correct speculative safety in fred_extint()

array_index_nospec() is no use if the result gets spilled to the stack, as
it makes the believed safe-under-speculation value subject to memory
predictions.

For all practical purposes, this means array_index_nospec() must be used in
the expression that accesses the array.

As the code currently stands, it's the wrong side of irqentry_enter(), and
'index' is put into %ebp across the function call.

Remove the index variable and reposition array_index_nospec(), so it's
calculated immediately before the array access.
Published: 2026-03-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Speculative data leakage
Action: Apply Patch
AI Analysis

Impact

The Linux kernel’s x86/fred interrupt handler contains an issue where the helper function array_index_nospec() is executed before an index value is stored on the stack, exposing a speculative value that should remain hidden. This can allow a side‑channel that leaks kernel data during speculative execution, without providing arbitrary code execution or direct compromise.

Affected Systems

The flaw exists in the x86/fred code of every Linux kernel that has not applied the upstream patch identified in the advisory references. No specific distribution or vendor is listed beyond the generic Linux kernel; therefore any machine running a vulnerable kernel revision is a potential target.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. An EPSS score below 1% and absence from the CISA KEV catalog suggest a low likelihood of near‑term exploitation. The attack vector appears to require triggering the vulnerable interrupt path, likely from a local or privileged context, and would primarily provide speculative data leakage rather than full code execution.

Generated by OpenCVE AI on March 26, 2026 at 16:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch referenced in the advisory URLs.

Generated by OpenCVE AI on March 26, 2026 at 16:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 24 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-129
CPEs cpe:2.3:o:linux:linux_kernel:6.9:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-846

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1037
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-846

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fred_extint() array_index_nospec() is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purposes, this means array_index_nospec() must be used in the expression that accesses the array. As the code currently stands, it's the wrong side of irqentry_enter(), and 'index' is put into %ebp across the function call. Remove the index variable and reposition array_index_nospec(), so it's calculated immediately before the array access.
Title x86/fred: Correct speculative safety in fred_extint()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:05:39.073Z

Reserved: 2026-01-13T15:37:46.000Z

Link: CVE-2026-23354

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:33.963

Modified: 2026-04-24T19:15:42.007

Link: CVE-2026-23354

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23354 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:49:22Z

Weaknesses