Vulnerability in the io_uring subsystem of the Linux kernel, allowing privilege escalation in the system

A vulnerability (CVE-2022-2602) has been identified in the implementation of the io_uring asynchronous I/O interface, included in the Linux kernel since release 5.1, that could allow an unprivileged user to become root on the system. The problem has been confirmed in the 5.4 branch and in kernels from the 5.15 branch onwards.

The vulnerability is a use-after-free in the io_uring subsystem. It arises from a race between the processing of an io_uring request on a target file and the garbage collector for Unix sockets: if the garbage collector frees all registered file descriptors, including the one the io_uring request is still working with, the request then touches memory that has already been released. The researchers note that the window for this race can be widened artificially by delaying the request with userfaultfd until the garbage collector has freed the memory.

The researchers who identified the problem have announced that they have a working exploit, which they intend to publish on October 25 to give users time to install updates. For now the fix is available only as a patch. Distribution updates have not yet been released; their appearance can be tracked on the pages for Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, and Arch.
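As an added example for administrators (not part of the opennet.ru item and not the researchers' code), the script below audits a host against the facts stated above: whether its kernel branch is one the advisory names as confirmed affected, whether io_uring can be switched off, and whether unprivileged users may create userfaultfd objects, since the advisory says the exploit relies on userfaultfd to widen the race window. The version ranges are taken only from the text above (5.4, and 5.15 onwards; io_uring present since 5.1). The sysctls `vm.unprivileged_userfaultfd` (Linux 5.2 and later) and `kernel.io_uring_disabled` (Linux 6.6 and later) are real kernel knobs; the `snapshot` argument is an assumption of this example so the checks can be run offline against constructed values. Whether a specific host already carries the distribution's backported fix is not something the script can tell.

```python
"""
Added example: audit a Linux host for exposure to the io_uring / Unix-socket GC
use-after-free described in the advisory, from a defender's point of view.

Reads the kernel release and two sysctls and returns a list of findings.
Version ranges come only from the advisory text; the script does NOT know
which distribution builds are already patched.
"""
import os
import re
from typing import Dict, List, Optional, Tuple


def parse_kernel_release(release: str) -> Tuple[int, int, int]:
    """Turn a `uname -r` string such as '5.15.0-48-generic' into (major, minor, patch)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def read_sysctl(name: str, snapshot: Optional[Dict[str, str]] = None) -> Optional[str]:
    """Read a sysctl from /proc/sys, or from a constructed snapshot (assumption: used for offline runs).

    Returns None when the knob does not exist on this kernel, e.g. kernel.io_uring_disabled before 6.6.
    """
    if snapshot is not None:
        return snapshot.get(name)
    path = os.path.join("/proc/sys", *name.split("."))
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def audit(release: str, snapshot: Optional[Dict[str, str]] = None) -> List[str]:
    """Return human-readable findings for the given kernel release and sysctl values."""
    major, minor, _ = parse_kernel_release(release)
    branch = (major, minor)
    findings: List[str] = []

    # io_uring was merged in 5.1; older kernels contain no io_uring code at all.
    if branch < (5, 1):
        findings.append(f"kernel {major}.{minor} predates io_uring (5.1): not affected")
        return findings

    # Branches the advisory names as confirmed affected: 5.4 and everything from 5.15 on.
    if branch == (5, 4) or branch >= (5, 15):
        findings.append(f"kernel {major}.{minor}: branch named as affected in the advisory; verify distro patch level")
    else:
        findings.append(f"kernel {major}.{minor}: has io_uring but is not a branch the advisory names; check vendor advisory")

    # kernel.io_uring_disabled (6.6+): 0 = enabled, 1 = restricted to kernel.io_uring_group, 2 = disabled.
    io_uring = read_sysctl("kernel.io_uring_disabled", snapshot)
    if io_uring is None:
        findings.append("kernel.io_uring_disabled absent (pre-6.6): io_uring cannot be switched off via sysctl; rely on seccomp or patching")
    elif io_uring == "2":
        findings.append("io_uring disabled system-wide (kernel.io_uring_disabled=2)")
    elif io_uring == "1":
        findings.append("io_uring restricted to members of kernel.io_uring_group (kernel.io_uring_disabled=1)")
    else:
        findings.append("io_uring available to all users (kernel.io_uring_disabled=0)")

    # vm.unprivileged_userfaultfd (5.2+): 1 = any user may create userfaultfd objects, 0 = privileged only.
    uffd = read_sysctl("vm.unprivileged_userfaultfd", snapshot)
    if uffd is None:
        findings.append("vm.unprivileged_userfaultfd absent (pre-5.2): userfaultfd is available to unprivileged users")
    elif uffd == "1":
        findings.append("unprivileged userfaultfd allowed (vm.unprivileged_userfaultfd=1): race windows are easy to widen; consider setting 0")
    else:
        findings.append("unprivileged userfaultfd blocked (vm.unprivileged_userfaultfd=0)")
    return findings


if __name__ == "__main__":
    # Live run against this host (reads /proc/sys directly).
    for line in audit(os.uname().release):
        print(line)
```

Run without arguments it audits the host it is executed on; the `snapshot` parameter exists so the same logic can be applied to a fleet's collected sysctl values. Setting `vm.unprivileged_userfaultfd` to 0 does not fix the use-after-free, it only removes the cheapest way of winning the race, so it is a stop-gap until the distribution kernel is updated.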

Source: opennet.ru
