ACK: [SRU][Mantic][PATCH 0/2] CVE-2024-0582
Roxana Nicolescu
roxana.nicolescu at canonical.com
Tue Jan 30 09:27:27 UTC 2024
On 30/01/2024 03:35, Yuxuan Luo wrote:
> [Impact]
> A memory leak flaw was found in the Linux kernel’s io_uring functionality
> in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING,
> mmap() it, and then frees it. This flaw allows a local user to crash or
> potentially escalate their privileges on the system.
>
> [Backport]
> The fix commit requires edecf1689768 (“io_uring: enable
> io_mem_alloc/free to be used in other parts”) so that kbuf.c has
> access to the io_mem_alloc/free functions, preventing an implicit
> declaration build error.
>
> [Test]
> Tested against liburing/test/buf-ring-nommap.
>
> [Potential Regression]
> Regression is limited to the use case of setting io_uring up with
> IOU_PBUF_RING_MMAP.
>
>
> Jens Axboe (1):
> io_uring/kbuf: defer release of mapped buffer rings
>
> include/linux/io_uring_types.h | 3 +++
> io_uring/io_uring.c | 2 ++
> io_uring/kbuf.c | 44 ++++++++++++++++++++++++++++++----
> io_uring/kbuf.h | 2 ++
> 4 files changed, 46 insertions(+), 5 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>