Bugzilla – Bug 1190664
VUL-0: CVE-2021-41073: kernel-source-azure,kernel-source,kernel-source-rt: Linux Kernel: Exploitable vulnerability in io_uring
Last modified: 2023-01-18 17:12:09 UTC
loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local
users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of
a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
is 5.10 and later.
was not backported to SLES15-SP3
-> only Tumbleweed and 15-SP4 are affected.
The fix - commit 16c8d2df7ec0 ("io_uring: ensure symmetry in handling iter types in loop_rw_iter()") - was merged upstream for 5.15-rc2 and the 5.14.7 stable tree. So we'll get it from upstream for Tumbleweed and SLE15-SP4. I'll wait for the patch to land in the SLE15-SP4 branch (I expect that to happen on Monday or so) to update the CVE tag.
Never mind, SLE15-SP4 didn't get the stable update yet. I've just pushed the patch directly there. All done from my side. Reassigning back to the security team.