CVE-2022-29968: io_uring: fix uninitialized field in rw io_kiocb · torvalds/linux@32452a3
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
io_uring: fix uninitialized field in rw io_kiocb
io_rw_init_file does not initialize kiocb->private, so when iocb_bio_iopoll reads kiocb->private it can contain uninitialized data.
Fixes: 3e08773 ("block: switch polling to be bio based")
Signed-off-by: Joseph Ravichandran [email protected]
Signed-off-by: Jens Axboe [email protected]
jprx authored and axboe committed
Apr 28, 2022
1 parent 5a1e99b commit 32452a3eb8b64e01e2be717f518c0be046975b9d
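The bug class the commit message describes, as an added user-space model that is not code from the kernel or from this commit: an init routine that skips one field of a recycled request, and a later reader that trusts that field. The struct, the function names, the 0xA5 leftover bytes and the poll-side non-NULL check are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the rw request's kiocb; not the kernel struct. */
struct model_kiocb {
    void *file;
    long pos;
    void *private; /* read later by the poll path */
};

/* Constructed sample state: a recycled slot still holding old bytes. */
static void recycle_slot(struct model_kiocb *k) { memset(k, 0xA5, sizeof(*k)); }

/* Unfixed form: sets the fields it uses, never touches private. */
static void init_rw_before(struct model_kiocb *k, void *file, long pos) {
    k->file = file;
    k->pos = pos;
}

/* Hardened form: same setup plus explicit initialization of private
 * (NULL is this model's choice of initial value). */
static void init_rw_after(struct model_kiocb *k, void *file, long pos) {
    init_rw_before(k, file, pos);
    k->private = NULL;
}

/* Assumed poll-side check: a non-NULL private is taken as a live object. */
static int poll_sees_object(const struct model_kiocb *k) {
    return k->private != NULL;
}

/* Returns 1 if the poll path would act on leftover data, else 0. */
int stale_private_visible(int fixed) {
    struct model_kiocb k;
    int dummy_file = 0;
    recycle_slot(&k);
    if (fixed)
        init_rw_after(&k, &dummy_file, 0);
    else
        init_rw_before(&k, &dummy_file, 0);
    return poll_sees_object(&k);
}

int main(void) {
    printf("before fix: stale private visible = %d\n", stale_private_visible(0));
    printf("after fix:  stale private visible = %d\n", stale_private_visible(1));
    return 0;
}
```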
Related news
Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.