Bug 1225231 (CVE-2021-47411)

Summary: VUL-0: REJECTED: CVE-2021-47411: kernel: io_uring: allow conditional reschedule for intensive iterators
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrea.mattiazzo, gabriele.sonnu
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/407054/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47411:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-05-24 14:46:46 UTC
In the Linux kernel, the following vulnerability has been resolved:

io_uring: allow conditional reschedule for intensive iterators

If we have a lot of threads and rings, the tctx list can get quite big.
This is especially true if we keep creating new threads and rings.
Likewise for the provided buffers list. Be nice and insert a conditional
reschedule point while iterating the nodes for deletion.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47411
https://www.cve.org/CVERecord?id=CVE-2021-47411
https://git.kernel.org/stable/c/648f59a06b0e1fec7a4158cdee9acd362e493ce1
https://git.kernel.org/stable/c/8bab4c09f24ec8d4a7a78ab343620f89d3a24804
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47411.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2282325

Comment 1 Andrea Mattiazzo 2024-05-27 07:45:58 UTC
CVE is now rejected: https://lore.kernel.org/linux-cve-announce/2024052511-REJECTED-7c35@gregkh/