Vulnerability in the io_uring subsystem leading to privilege escalation

A vulnerability (CVE-2022-3910) has been identified in the implementation of the io_uring asynchronous input/output interface, which has been part of the Linux kernel since release 5.1. It allows an unprivileged user to execute code with kernel privileges. The problem appears in releases 5.18 and 5.19 and was fixed in the 6.0 branch. Debian, RHEL and SUSE use kernels up to 5.18, while Fedora, Gentoo and Arch already offer kernel 6.0. Ubuntu 22.10 uses the vulnerable 5.19 kernel.

The vulnerability is caused by access to an already freed block of memory (use-after-free) in the io_uring subsystem, resulting from an incorrect reference-count update: when io_msg_ring() is called with a fixed file (one that resides permanently in the ring buffer), the io_fput_file() function is called by mistake and decrements the reference count.
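The reference-count imbalance described above can be shown with a small userspace model. This is an added example, not kernel code and not taken from the original article; `file_model`, `msg_ring_request` and the other names are hypothetical, and "freed" is only a flag, no memory is released.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name here is illustrative, not a kernel symbol. */
struct file_model {
    int  refs;    /* reference count */
    bool freed;   /* set when refs drops to zero */
};

static void file_get(struct file_model *f) { f->refs++; }

static void file_put(struct file_model *f)
{
    if (--f->refs == 0)
        f->freed = true;      /* the object would be released at this point */
}

/* A table (fd table or the ring's fixed-file table) holds one long-lived reference. */
static void hold_in_table(struct file_model *f) { f->refs = 1; f->freed = false; }

/*
 * One request against the file. A normal request takes its own reference and
 * drops it on completion. A fixed-file request borrows the table's reference,
 * so it must not drop one. check_fixed=false models the flawed behaviour.
 */
static void msg_ring_request(struct file_model *f, bool fixed, bool check_fixed)
{
    if (!fixed)
        file_get(f);
    /* ... the request's work would happen here ... */
    if (!fixed || !check_fixed)
        file_put(f);          /* flawed path: a put with no matching get */
}

/* Returns true if the file is freed while the table still points at it. */
static bool dangling_after_request(bool fixed, bool check_fixed)
{
    struct file_model f;
    hold_in_table(&f);
    msg_ring_request(&f, fixed, check_fixed);
    return f.freed;
}

int main(void)
{
    printf("flawed,  fixed file:  dangling=%d\n", dangling_after_request(true, false));
    printf("flawed,  normal file: dangling=%d\n", dangling_after_request(false, false));
    printf("checked, fixed file:  dangling=%d\n", dangling_after_request(true, true));
    return 0;
}
```

Only the fixed-file case without the check ends with a freed object that the table still references, which is the use-after-free condition the article describes.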

source: budenet.ru
