Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:io_uring/futex: ensure io_futex_wait() cleans up properly on failureThe io_futex_data is allocated upfront and assigned to the io_kiocbasync_data field, but the request isn't marked with REQ_F_ASYNC_DATAat that point. Those two should always go together, as the flag tellsio_uring whether the field is valid or not.Additionally, on failure cleanup, the futex handler frees the data butdoes not clear ->async_data. Clear the data and the flag in the errorpath as well.Thanks to Trend Micro Zero Day Initiative and particularly ReDress forreporting this.
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/w4zu/Debian_security