Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-2209: io_uring: add missing item types for various requests · torvalds/linux@df3f3bb

io_uring uses work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. The mapping of flags is incomplete, which leads to multiple incorrect reference counts and hence use-after-free. We recommend upgrading past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

CVE
#linux

Permalink

Browse files

io_uring: add missing item types for various requests

Any read/write should grab current->nsproxy, denoted by IO_WQ_WORK_FILES as it refers to current->files as well, and connect and recv/recvmsg, send/sendmsg should grab current->fs which is denoted by IO_WQ_WORK_FS.

No upstream commit exists for this issue.

Reported-by: Bing-Jhong Billy Jheng [email protected] Signed-off-by: Jens Axboe [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

  • Loading branch information

Related news

CVE-2022-41591: December

The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.

CVE-2021-1050: Android Security Bulletin—November 2022  |  Android Open Source Project

In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-243825200

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907