[SRU Jammy,Kinetic,Lunar,OEM-6.0,OEM-6.1 0/1] CVE-2023-3389
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Jul 4 23:51:46 UTC 2023
[Impact]
A race with a linked timeout io_uring OP and poll removal may lead to a
use-after-free. An unprivileged user can use this to cause a denial of
service (system crash) or code execution.
[Backport]
5.15 had a backport of its own upstream, which was used for both Jammy and
Kinetic. The original upstream fix applieds to Lunar, OEM-6.1 and OEM-6.0.
[Potential regression]
Poll removal on io-uring can regress.
Jens Axboe (1):
io_uring: hold uring mutex around poll removal
io_uring/io_uring.c | 3 +++
1 file changed, 3 insertions(+)
--
2.34.1
More information about the kernel-team
mailing list