blob: b2ea28e7953e32a1b59a6499c6a8ba9db2b01f71 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Description: io_uring: Use original task for req identity in io_identity_cow()
References:
https://source.android.com/docs/security/bulletin/2022-10-01
https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
Notes:
carnil> Upstream around 5.12-rc1 drops the non-native workers, in
carnil> particular upstream 4379bf8bd70b ("io_uring: remove
carnil> io_identity") removes the problematic calling. Consider this as
carnil> the fix, while overall we can say it's not an issue starting in
carnil> 5.12-rc1.
Bugs:
upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
5.10-upstream-stable: released (5.10.134) [2ee0cab11f6626071f8a64c7792406dabdd94c8d]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.136-1)
4.19-buster-security: N/A "Vulnerable code not present"
|