Vulnerability: Inconsistent Identity Handling in io_uring Operations

Vulnerability: Inconsistent Identity Handling in io_uring Operations

CVE-2022-2327 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

Learn more about our Web Application Penetration Testing UK.