APPLIED: [SRU][Mantic][PATCH 0/2] CVE-2024-0582
Stefan Bader
stefan.bader at canonical.com
Wed Jan 31 09:35:42 UTC 2024
On 30.01.24 03:35, Yuxuan Luo wrote:
> [Impact]
> A memory leak flaw was found in the Linux kernel’s io_uring functionality
> in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING,
> mmap() it, and then frees it. This flaw allows a local user to crash or
> potentially escalate their privileges on the system.
>
> [Backport]
> The fix commit requires edecf1689768 (“io_uring: enable
> io_mem_alloc/free to be used in other parts”) so that kbuf.c has the
> access to io_mem_alloc/free functions, preventing implicit declaration
> build error.
>
> [Test]
> Tested against liburing/test/buf-ring-nommap.
>
> [Potential Regression]
> Regression is limited in the use case of setting io_uring up with
> IOU_PBUF_RING_MMAP.
>
>
> Jens Axboe (1):
> io_uring/kbuf: defer release of mapped buffer rings
>
> include/linux/io_uring_types.h | 3 +++
> io_uring/io_uring.c | 2 ++
> io_uring/kbuf.c | 44 ++++++++++++++++++++++++++++++----
> io_uring/kbuf.h | 2 ++
> 4 files changed, 46 insertions(+), 5 deletions(-)
>
Applied to mantic:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240131/8494b8ca/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240131/8494b8ca/attachment-0001.sig>
More information about the kernel-team
mailing list