- Description
- In the Linux kernel, the following vulnerability has been resolved:

  io_uring/sqpoll: zero sqd->thread on tctx errors

  Syzkaller reports:

      BUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341
      Read of size 8 at addr ffff88803578c510 by task syz.2.3223/27552
      Call Trace:
       <TASK>
       ...
       kasan_report+0x143/0x180 mm/kasan/report.c:602
       thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341
       thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639
       getrusage+0x1000/0x1340 kernel/sys.c:1863
       io_uring_show_fdinfo+0xdfe/0x1770 io_uring/fdinfo.c:197
       seq_show+0x608/0x770 fs/proc/fd.c:68
       ...

  That's due to sqd->task not being cleared properly in cases where SQPOLL task tctx setup fails, which can essentially only happen with fault injection to insert allocation errors.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-416
(CVE-2025-21655) [io_uring/eventfd] ensure io_eventfd_signal() defers another RCU period https://t.co/n5aMJLsSlw @tehjh
(CVE-2025-21633) [io_uring/sqpoll] slab-UAF in thread_group_cputime https://t.co/KjTe9uu0WG https://t.co/pNP1K7yiu2
@xvonfers
20 Jan 2025
2275 Impressions
7 Retweets
37 Likes
10 Bookmarks
0 Replies
0 Quotes
CVE-2025-21633 Linux Kernel io_uring Use-After-Free Vulnerability Resolved https://t.co/3ZXgJ5RS5U
@VulmonFeeds
19 Jan 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21633 In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: zero sqd->thread on tctx errors Syzkaller reports: BUG: KASAN: slab-use-after-… https://t.co/sQsPCZAynW
@CVEnew
19 Jan 2025
251 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes