CVE-2025-40216
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of ...
CVE-2025-38196 io_uring/rsrc: validate buffer count with offset for cloning
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: validate buffer count with offset for cloning syzbot reports that it can trigger a WARN_ON for kmalloc attempt that's too big: WARNING: CPU: 0 PID: 6488 at mm/slub.c:5024 __kvmalloc_node_noprof+0x520/0x640 mm/slub.c:5024...
CVE-2024-40922
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't lock while !TASK_RUNNING There is a report of io_rsrc_ref_quiesce locking a mutex while not TASK_RUNNING, which is due to forgetting restoring the state back after io_run_task_work_sig and attempts to break out of the...
CVE-2024-40922
CVE-2024-40922 affects the Linux kernel io_uring rsrc path: a mutex lock could be held while a task is not TASK_RUNNING due to not restoring state after io_run_task_work_sig(), risking unintended blocking/deadlock in io_rsrc_ref_quiesce() and related calls (io_sqe_buffers_unregister, io_uring/reg...