path: root/retired/CVE-2022-1786
blob: 9db0ce1b2298a4dd04eef23d7511078e9e00d598
Description: io_uring: always use original task when preparing req identity
References:
 https://www.openwall.com/lists/oss-security/2022/05/24/4
 https://www.openwall.com/lists/oss-security/2022/05/28/1
 https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
Notes:
 carnil> Upstream around 5.12-rc1 drops the non-native workers, in
 carnil> particular upstream 4379bf8bd70b ("io_uring: remove
 carnil> io_identity") removes the problematic calling. Consider this as
 carnil> the fix, while overall we can say it's not an issue starting in
 carnil> 5.12-rc1.
Bugs:
upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
5.10-upstream-stable: released (5.10.117) [29f077d070519a88a793fbc70f1e6484dc6d9e35]
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.120-1)
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
