Описание
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: require cloned buffers to share accounting contexts
When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring instance A to uring instance B, where A and B use different MMs for accounting, the accounting can go wrong: If uring instance A is closed before uring instance B, the pinned memory counters for uring instance B will be decremented, even though the pinned memory was originally accounted through uring instance A; so the MM of uring instance B can end up with negative locked memory.
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: require cloned buffers to share accounting contexts
When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring instance A to uring instance B, where A and B use different MMs for accounting, the accounting can go wrong: If uring instance A is closed before uring instance B, the pinned memory counters for uring instance B will be decremented, even though the pinned memory was originally accounted through uring instance A; so the MM of uring instance B can end up with negative locked memory.
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: require cloned buffers to share accounting contexts
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Уязвимость функции io_clone_buffers() модуля io_uring/rsrc.c интерфейса асинхронного ввода/вывода ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.