Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002411 advisory. The aiomount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intende...

CVE-2024-26764

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocbsetcancelfn to I/O submitted via libaio If kiocbsetcancelfn is called for I/O submitted via iouring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocbsetcancelfn+0x9c/0xa8...

K29215970: Linux kernel vulnerability CVE-2019-10125

Security Advisory Description An issue was discovered in aiopoll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aiopollwake if an expected event is triggered immediately e.g., by the close of a pair of pipes after the return of vfspoll, and this will cause a...

Memory corruption

In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-39698

CVE-2021-39698 affects the Android kernel. In aio_poll_complete_work() in aio.c there is a use-after-free that can corrupt memory, potentially enabling local privilege escalation with no extra execution privileges required and no user interaction. The advisory notes the impact as local escalation...

CVE-2019-10125

CVE-2019-10125 affects the Linux kernel (up to v5.0.4) where aio_poll() in fs/aio.c may release a file by aio_poll_wake() after vfs_poll() returns, causing a use-after-free. Connected advisories (Unity Linux UTSA entries) reproduce the vulnerable description and map the issue to kernel code path ...

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. The AIO interface permitted reading or writing 2 GB of data or more in a single chunk, which could lead to an integer overflow in the aiosetupsinglevector function in fs/aio.c when applied to certain filesystems, socket or device types...

CVE-2016-10044

CVE-2016-10044 is supported by connected advisories: the Linux kernel up to version 4.7.7 contains a vulnerability in the aio_mount path. Specifically, the aio_mount function in fs/aio.c did not properly restrict execute access, enabling local users to bypass SELinux W^X policy and gain privilege...

CVE-2014-0206

CVE-2014-0206 is an array index error in aio_read_events_ring (fs/aio.c) of the Linux kernel up to version 3.15.1. It enables local users to read sensitive data from kernel memory by supplying a large head value. The provided connected documents confirm the affected file and vulnerability type bu...

CVE-2014-0206

Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

Double free

Double free vulnerability in the ioctxalloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service system crash or possibly have unspecified other impact via vectors involving an error condition in the aiosetupring function...

CVE-2013-7348

Double free vulnerability in the ioctxalloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service system crash or possibly have unspecified other impact via vectors involving an error condition in the aiosetupring function...