Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29968: io_uring: fix uninitialized field in rw io_kiocb · torvalds/linux@32452a3

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

CVE
#linux#auth

Browse files

io_uring: fix uninitialized field in rw io_kiocb

io_rw_init_file does not initialize kiocb->private, so when iocb_bio_iopoll reads kiocb->private it can contain uninitialized data.

Fixes: 3e08773 (“block: switch polling to be bio based”) Signed-off-by: Joseph Ravichandran [email protected] Signed-off-by: Jens Axboe [email protected]

  • Loading branch information

jprx authored and axboe committed

Apr 28, 2022

1 parent 5a1e99b commit 32452a3eb8b64e01e2be717f518c0be046975b9d

Related news

Ubuntu Security Notice USN-5471-1

Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907