SUSE CVE-2022-40476

A null pointer dereference issue was discovered in fs/iouring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service...

The vulnerability of the fs/io_uring.c component in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the fs/iouring.c component in the Linux kernel operating system is related to the reutilization of freed memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2022-47946

CVE-2022-47946 affects the Linux kernel 5.10.x up to 5.10.155. It is a use-after-free in io_sqpoll_wait_sq (fs/io_uring.c) that can crash the kernel and cause a denial of service; finish_wait can be skipped. Exploitation scenarios include forking a process and terminating it quickly. Later kernel...

The vulnerability of the fs/io_uring.c component in Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the fs/iouring.c component in Linux operating systems is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a system failure...

Null pointer dereference

A null pointer dereference issue was discovered in fs/iouring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service...

CVE-2022-40476

A null pointer dereference issue was discovered in fs/iouring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service...

CVE-2022-40476

CVE-2022-40476: A NULL pointer dereference in fs/io_uring.c of the Linux kernel prior to 5.15.62 allows a local user to crash the system or potentially cause a denial of service. Affected software: Linux kernel (pre-5.15.62). Root cause: NULL pointer dereference in io_uring handling. Impact: loca...

Linux kernel resource initialization vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel version 5.17.5 and prior versions have a security vulnerability that stems from a missing initialization of kiocb-private in iorwinitfile in fs/iouring.c. No detailed vulnerability details a...

CVE-2022-29968

An issue was discovered in the Linux kernel through 5.17.5. iorwinitfile in fs/iouring.c lacks initialization of kiocb-private...

Code injection

An issue was discovered in the Linux kernel through 5.17.5. iorwinitfile in fs/iouring.c lacks initialization of kiocb-private...

CVE-2022-29582

CVE-2022-29582 refers to a use-after-free in the Linux kernel io_uring timeout handling. The vulnerability resides in fs/io_uring.c and stems from a race condition in io_uring timeouts that can be triggered by a local user who does not have access to any user namespace. The initial description no...

CVE-2021-41073

looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation...

CVE-2021-41073

looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation...

CVE-2020-36387

An issue was discovered in the Linux kernel before 5.8.2. fs/iouring.c has a use-after-free related to ioasynctaskfunc and ctx reference holding, aka CID-6d816e088c35...

Double free

An issue was discovered in the Linux kernel before 5.8.2. fs/iouring.c has a use-after-free related to ioasynctaskfunc and ctx reference holding, aka CID-6d816e088c35...

CVE-2020-36387

CVE-2020-36387 affects the Linux kernel up to version 5.8.2, where a use-after-free exists in fs/io_uring.c related to io_async_task_func and ctx reference holding (CID-6d816e088c35). Multiple connected advisories reference Linux kernels before 5.8.2 and indicate that patch/update to 5.8.2 or lat...

CVE-2021-28951

An issue was discovered in fs/iouring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...

CVE-2021-28951

An issue was discovered in fs/iouring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...

CVE-2021-28951

CVE-2021-28951 is a Linux kernel flaw affecting fs/io_uring.c up to 5.11.8 that can cause a denial of service (deadlock) when exit waits for a SQPOLL thread while the thread awaits a start signal. The issue is documented in multiple advisories (e.g., ALAS2KERNEL entries for Kernel-5.10/5.15 and r...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559. CVE-2020-27825: Fixed a race in the traceopen and buffer resi...