[UBUNTU OEM-5.17,OEM-6.0 0/5] CVE-2023-0468
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Wed Apr 5 00:08:17 UTC 2023
[Impact]
Lin Ma discovered a race condition in the io_uring subsystem in the Linux
kernel, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
[Fix/Backport]
5.15 version of these were applied to 5.17. 6.0 were clean upstream
cherry-picks.
[Potential regression]
io_uring users could regress.
Lin Ma (1):
io_uring/poll: fix poll_refs race with cancelation
Pavel Begunkov (4):
io_uring: update res mask in io_poll_check_events
io_uring: fix tw losing poll events
io_uring: cmpxchg for poll arm refs release
io_uring: make poll refs more robust
fs/io_uring.c | 57 ++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 50 insertions(+), 7 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list