[SRU][Mantic][PATCH 0/1] CVE-2023-6560
Yuxuan Luo
yuxuan.luo at canonical.com
Fri Jan 12 22:05:07 UTC 2024
[Impact]
It has been found that io_uring lacks checking user allocated
discontigous pages in io_uring.c which is not supported at the moment.
Failing to do so might leads to out-of-bound read, leading to potential
memory leak or system crash.
[Backport]
It is a clean cherry pick.
[Test]
Tested against test suite in liburing.
[Potential Regression]
Regression might occur when users allocating memory for their
application using io_uring.
Jens Axboe (1):
io_uring: don't allow discontig pages for IORING_SETUP_NO_MMAP
io_uring/io_uring.c | 39 +++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list