[SRU][Mantic][PATCH 0/2] CVE-2024-0582
Yuxuan Luo
yuxuan.luo at canonical.com
Tue Jan 30 02:35:17 UTC 2024
[Impact]
A memory leak flaw was found in the Linux kernel’s io_uring functionality
in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING,
mmap() it, and then frees it. This flaw allows a local user to crash or
potentially escalate their privileges on the system.
[Backport]
The fix commit requires edecf1689768 (“io_uring: enable
io_mem_alloc/free to be used in other parts”) so that kbuf.c has
access to the io_mem_alloc/free functions, preventing an implicit
declaration build error.
[Test]
Tested against liburing/test/buf-ring-nommap.
[Potential Regression]
Regression is limited to the use case of setting io_uring up with
IOU_PBUF_RING_MMAP.
Jens Axboe (1):
  io_uring/kbuf: defer release of mapped buffer rings

 include/linux/io_uring_types.h |  3 +++
 io_uring/io_uring.c            |  2 ++
 io_uring/kbuf.c                | 44 ++++++++++++++++++++++++++++++----
 io_uring/kbuf.h                |  2 ++
 4 files changed, 46 insertions(+), 5 deletions(-)

--
2.34.1