SUSE CVE-2022-40476

A null pointer dereference issue was discovered in fs/iouring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service...

CVE-2022-47946

CVE-2022-47946 affects the Linux kernel 5.10.x up to 5.10.155. It is a use-after-free in io_sqpoll_wait_sq (fs/io_uring.c) that can crash the kernel and cause a denial of service; finish_wait can be skipped. Exploitation scenarios include forking a process and terminating it quickly. Later kernel...

Null pointer dereference

A null pointer dereference issue was discovered in fs/iouring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service...

CVE-2022-40476

A null pointer dereference issue was discovered in fs/iouring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service...

CVE-2022-40476

CVE-2022-40476: A NULL pointer dereference in fs/io_uring.c of the Linux kernel prior to 5.15.62 allows a local user to crash the system or potentially cause a denial of service. Affected software: Linux kernel (pre-5.15.62). Root cause: NULL pointer dereference in io_uring handling. Impact: loca...

Linux kernel resource initialization vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel version 5.17.5 and prior versions have a security vulnerability that stems from a missing initialization of kiocb-private in iorwinitfile in fs/iouring.c. No detailed vulnerability details a...

CVE-2022-29968

An issue was discovered in the Linux kernel through 5.17.5. iorwinitfile in fs/iouring.c lacks initialization of kiocb-private...

Code injection

An issue was discovered in the Linux kernel through 5.17.5. iorwinitfile in fs/iouring.c lacks initialization of kiocb-private...

CVE-2022-29582

CVE-2022-29582 refers to a use-after-free in the Linux kernel io_uring timeout handling. The vulnerability resides in fs/io_uring.c and stems from a race condition in io_uring timeouts that can be triggered by a local user who does not have access to any user namespace. The initial description no...

CVE-2021-41073

looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation...

CVE-2021-41073

looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation...

CVE-2020-36387

An issue was discovered in the Linux kernel before 5.8.2. fs/iouring.c has a use-after-free related to ioasynctaskfunc and ctx reference holding, aka CID-6d816e088c35...

Double free

An issue was discovered in the Linux kernel before 5.8.2. fs/iouring.c has a use-after-free related to ioasynctaskfunc and ctx reference holding, aka CID-6d816e088c35...

CVE-2020-36387

CVE-2020-36387 affects the Linux kernel up to version 5.8.2, where a use-after-free exists in fs/io_uring.c related to io_async_task_func and ctx reference holding (CID-6d816e088c35). Multiple connected advisories reference Linux kernels before 5.8.2 and indicate that patch/update to 5.8.2 or lat...

CVE-2021-28951

An issue was discovered in fs/iouring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...

CVE-2021-28951

An issue was discovered in fs/iouring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...

CVE-2021-28951

CVE-2021-28951 is a Linux kernel flaw affecting fs/io_uring.c up to 5.11.8 that can cause a denial of service (deadlock) when exit waits for a SQPOLL thread while the thread awaits a start signal. The issue is documented in multiple advisories (e.g., ALAS2KERNEL entries for Kernel-5.10/5.15 and r...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559. CVE-2020-27825: Fixed a race in the traceopen and buffer resi...

CVE-2020-29373

CVE-2020-29373 affects the Linux kernel (pre-5.6) in fs/io_uring.c, where the root directory is unsafely handled during path lookups inside a mount namespace, allowing a process to escape to unintended filesystem locations. The issue is confirmed by the CVE description and linked ChangeLog-5.6 an...

Design/Logic Flaw

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...