A use-after-free vulnerability in the Linux Kernel...
High severity
Unreviewed
Published
Jun 28, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 28, 2023
Published to the GitHub Advisory Database
Jun 28, 2023
Last updated
Apr 4, 2024
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.
Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.
We recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.
References