oss-sec mailing list archives

Re: Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring()

From: Florian Weimer <fweimer () redhat com>
Date: Mon, 08 Aug 2022 14:20:53 +0200

* Solar Designer:

I think this wasn't reported in here before, and has no CVE ID?

Writeup in Chinese dated July 29:

https://dawnslab.jd.com/linux-5.19-rc2_pbuf_ring_0day/

Fix dated July 21, per the writeup included in 5.19-rc8:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec8516f3b7c40ba7050e6b3a32467e9de451ecdf

Per the Fixes tag, the bug was introduced in May, in:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c7fb19428d67


Wasn't this introduced and fixed during 5.19 development?  In those
cases, no CVE assignment is expected.

Thanks,
Florian

Current thread:

Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() Solar Designer (Aug 08)
- Re: Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() Florian Weimer (Aug 08)