9 matches found
kernel: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU
A use-after-free flaw was found in iouring/msgring in the Linux Kernel. In this flaw iokiocb freeing is deferred for RCU which can lead to a kernel information leak problem...
CVE-2022-50295 io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: Fix NULL pointer dereference in iomsgsendfd Syzkaller produced the below call trace: BUG: KASAN: null-ptr-deref in iomsgring+0x3cb/0x9f0 Write of size 8 at addr 0000000000000070 by task repro/16399 CPU: 0 PID:...
SUSE CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
CVE-2025-38453
CVE-2025-38453 affects the Linux kernel: the io_uring/msg_ring path can free an io_kiocb at an unsafe time, leading to use-after-free scenarios. The documented fix defers freeing via RC/RCU mechanics by adding an rcU head and switching to kfree_rcu() in both the freeing paths (io_msg_tw_complete(...
CVE-2025-38453 io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
GSD-2022-1006679 io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()
iouring/msgring: Fix NULL pointer dereference in iomsgsendfd This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit...