In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix ltout double free on completion race Always remove linked
timeout on io_link_timeout_fn() from the master request link list,
otherwise we may get use-after-free when first io_link_timeout_fn() puts
linked timeout in the fail path, and then will be found and put on master’s
free.
git.kernel.org/linus/447c19f3b5074409c794b350b10306e1da1ef4ba (5.13-rc2)
git.kernel.org/stable/c/1f64f5e903b9d1d157875721e02adadc9d6f0a5d
git.kernel.org/stable/c/447c19f3b5074409c794b350b10306e1da1ef4ba
launchpad.net/bugs/cve/CVE-2021-47123
nvd.nist.gov/vuln/detail/CVE-2021-47123
security-tracker.debian.org/tracker/CVE-2021-47123
www.cve.org/CVERecord?id=CVE-2021-47123