Bugzilla – Bug 1199087
VUL-1: CVE-2022-29968: kernel-source,kernel-source-azure,kernel-source-rt: io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private
Last modified: 2022-05-04 06:55:05 UTC
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in
fs/io_uring.c lacks initialization of kiocb->private.
https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d (io_uring: fix uninitialized field in rw io_kiocb)
Commit introducing the bug:
https://github.com/torvalds/linux/commit/3e08773c3841e9db7a520908cc2b136a77d275ff (block: switch polling to be bio based)
Only stable branch is affected.
I guess that it will get resoved naturally by updating the stable kernel.
Jiri, please reassign this bug back to the security team when
the fix reaches stable.
Yes, queued for 5.17.6:
Pushed to stable, so that we have bsc# and CVE# in place.
Thanks Petr and Jiri. I guess everything done now. Closing.