race condition in io_uring leads to Local Privilege Escalation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux-hwe (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Hello. I'm neoni. I would like to report a vulnerability that leads to Use After Free.
An unprivileged attacker may use this vulnerability to root to achieve local privilege escalation.
Here is the detail:
When io_uring does io_sqe_
The vulnerability was already patched as a bug in Linux mainstream 5.19 and 6.0(https:/
A PoC that crashes the kernel is attached. It affects the most recent Ubuntu kernel images as well as some hwe/oem kernels like hwe-5.17.
Thanks, neoni. We appreciate the report. Sorry it took this long to get a response.
Those fixes are already applied in our 5.15 kernels and we don't support 5.19 and 6.0 anymore. Since these have been fixed in 6.1 and later kernels and 5.4 do not carry those features, we consider this issue fixed in all the supported kernels we currently ship.
Thanks again.
Cascardo.