blob: 713a1bd5cc58a7c883038d76ea96a217bc37bf0b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: io_uring/msg_ring: fix missing lock on overflow for IOPOLL
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2192175
https://groups.google.com/g/syzkaller/c/T04q4HMUCdA/m/qVaOqv2RAAAJ
Notes:
bwh> The two instances of the bug were introduced in 6.0 by commit
bwh> e6130eba8a84 "io_uring: add support for passing fixed file
bwh> descriptors" and in 6.2-rc1 by commit 6d043ee1164c "io_uring:
bwh> do msg_ring in target task via tw".
Bugs:
upstream: released (6.2-rc5) [e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d]
6.1-upstream-stable: released (6.1.50) [22a406b3629a10979916ea7cace47858410117b5]
5.10-upstream-stable: N/A "Vulnerable code introduced later"
4.19-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (6.3.7-1)
6.1-bookworm-security: released (6.1.52-1)
5.10-bullseye-security: N/A "Vulnerable code introduced later"
4.19-buster-security: N/A "Vulnerable code introduced later"
|
