blob: 34e7552727f61bdb8355f2322726b720a56d590e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Description: use-after-free in io_uring feature
References:
https://www.zerodayinitiative.com/advisories/ZDI-21-001/
https://www.openwall.com/lists/oss-security/2021/02/05/4
https://bugzilla.redhat.com/show_bug.cgi?id=1873476
https://www.openwall.com/lists/oss-security/2021/02/05/7
https://bugzilla.suse.com/show_bug.cgi?id=1180564#c11
Notes:
carnil> Claimed to be fixed in 5.10.2, but this cannot be the right
carnil> version as there were no changes in 5.10.1 to 5.10.2 in
carnil> io_uring. The Red Hat bugzilla entry has little more details.
carnil> Possibly as well just a duplicate of CVE-2020-29534 and would
carnil> thus be fixed earlier already for the sid branch (See SUSE
carnil> bugzilla bug).
Bugs:
upstream: released (5.10-rc1) [233295130e53c8dfe6dbef3f52634c3f7e44cd6a]
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.10.4-1)
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
|