Metric | Value |
---|---|
CVSS3 | 5.5 Medium |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
CVSS vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
AI Score | 6.5 Medium (Confidence: High) |
EPSS | 0.0004 Low (Percentile: 9.1%) |

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix shared sqpoll cancellation hangs

```
[ 736.982891] INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds.
[ 736.982897] Call Trace:
[ 736.982901] schedule+0x68/0xe0
[ 736.982903] io_uring_cancel_sqpoll+0xdb/0x110
[ 736.982908] io_sqpoll_cancel_cb+0x24/0x30
[ 736.982911] io_run_task_work_head+0x28/0x50
[ 736.982913] io_sq_thread+0x4e3/0x720
```

We call io_uring_cancel_sqpoll() one by one for each ctx either in sq_thread() itself or via task works, and it’s intended to cancel all requests of a specified context. However the function uses per-task counters to track the number of inflight requests, so it counts more requests than available via current io_uring ctx and goes to sleep for them to appear (e.g. from IRQ), that will never happen.

Cancel a bit more than before, i.e. all ctxs that share sqpoll and continue to use shared counters. Don’t forget that we should not remove ctx from the list before running that task_work sqpoll-cancel, otherwise the function wouldn’t be able to find the context and will hang.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/734551df6f9bedfbefcd113ede665945e9de0b99 (5.13-rc1)
git.kernel.org/stable/c/734551df6f9bedfbefcd113ede665945e9de0b99
git.kernel.org/stable/c/cb5e0b3d0f993a6268c1a2c7ede2f9aa0c17ef68
launchpad.net/bugs/cve/CVE-2021-46942
nvd.nist.gov/vuln/detail/CVE-2021-46942
security-tracker.debian.org/tracker/CVE-2021-46942
www.cve.org/CVERecord?id=CVE-2021-46942