blob: 95ce1f53a7fd6f890abee1779a0717618baecc43 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
Description: io_uring: hold 'ctx' reference around task_work queue + execute
References:
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-io_async_task_func
https://syzkaller.appspot.com/bug?id=ce5f07d6ec3b5050b8f0728a3b389aa510f2591b
Notes:
Bugs:
upstream: released (5.9-rc1) [6d816e088c359866f9867057e04f244c608c42fe]
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.7.17-1)
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
|