31 matches found
CVE-2025-40364 io_uring: fix io_req_prep_async with provided buffers
In the Linux kernel, the following vulnerability has been resolved: iouring: fix ioreqprepasync with provided buffers ioreqprepasync can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...
CVE-2022-49056
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: hold iobufferlist reference over mmap If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. Since we're inside mmap, we cannot safely use the iouring lock. Rely on the fact...
CVE-2025-21630
In the Linux kernel, the following vulnerability has been resolved: iouring/net: always initialize kmsg-msg.msginq upfront syzbot reports that -msginq may get used uinitialized from the following path: BUG: KMSAN: uninit-value in iorecvbufselect iouring/net.c:1094 inline BUG: KMSAN: uninit-value ...
The vulnerability of the __io_sync Cancel() function in the io_uring/cancel.c module of the io_uring component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information, or to enhance their privileges.
The vulnerability of the iosync Cancel function in the iouring/cancel.c module of the Linux kernel’s iouring component is related to an incorrect definition of the buffer boundary. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...
CVE-2023-1295
A time-of-check to time-of-use issue exists in iouring subsystem's IORINGOPCLOSE operation in the Linux kernel's versions 5.6 - 5.11 inclusive, which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in...
UBUNTU-CVE-2023-2236
A use-after-free vulnerability in the Linux Kernel iouring subsystem can be exploited to achieve local privilege escalation. Both ioinstallfixedfile and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend...
DEBIAN-CVE-2023-1872
A use-after-free vulnerability in the Linux Kernel iouring system can be exploited to achieve local privilege escalation. The iofilegetfixed function lacks the presence of ctx-uringlock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We...
UBUNTU-CVE-2023-1872
A use-after-free vulnerability in the Linux Kernel iouring system can be exploited to achieve local privilege escalation. The iofilegetfixed function lacks the presence of ctx-uringlock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We...
CVE-2023-0240 Use after free in io_uring in the Linux Kernel
There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...
CVE-2022-3910 Use after free in IO_uring in the Linux Kernel
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in iouring leads to Use-After-Free and Local Privilege Escalation. When iomsgring was invoked with a fixed file, it called iofputfile which improperly decreased its reference count...