Privilege escalation vulnerability in the io_uring subsystem

A vulnerability (CVE-2022-3910) has been identified in the implementation of the io_uring asynchronous input/output interface, included in the Linux kernel since release 5.1, that allows an unprivileged user to execute code with kernel privileges. The problem appeared in releases 5.18 and 5.19 and was fixed in the 6.0 branch. Debian, RHEL and SUSE use kernels up to 5.18, while Fedora, Gentoo and Arch already offer kernel 6.0. Ubuntu 22.10 uses the vulnerable 5.19 kernel.

The vulnerability is caused by access to an already freed memory block (use-after-free) in the io_uring subsystem, resulting from an incorrect update of the reference counter: when io_msg_ring() is called with a fixed file (one permanently located in the ring buffer), the io_fput_file() function is mistakenly called to decrement the reference count.
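The reference-count imbalance described above, shown as a user-space model next to the corrected logic. This is an added example, not kernel code and not taken from the original article: apart from io_msg_ring and io_fput_file, every name (struct file_obj, struct request, prep, table_entry_dangles) is a hypothetical simplification, and the model assumes a fixed file is kept alive only by the single reference held by the ring's registered table.

```c
/* User-space model of the refcount imbalance; not kernel code.
 * Assumption: a fixed (registered) file is kept alive by ONE reference
 * owned by the ring's file table, and requests using it take no extra one. */
#include <stdbool.h>
#include <stdio.h>

struct file_obj { int refcount; bool freed; };            /* hypothetical */
struct request  { struct file_obj *file; bool fixed_file; };

/* Drop one reference; the object is released when the count hits zero. */
static void io_fput_file(struct file_obj *f) {
    if (--f->refcount == 0)
        f->freed = true;            /* stands in for the actual free */
}

/* Request setup: only a normal (non-fixed) file gets a per-request ref. */
static void prep(struct request *req, struct file_obj *f, bool fixed) {
    req->file = f;
    req->fixed_file = fixed;
    if (!fixed)
        f->refcount++;
}

/* Behaviour the article describes: the reference is dropped unconditionally. */
static void io_msg_ring_buggy(struct request *req) {
    io_fput_file(req->file);
}

/* Corrected logic: drop only a reference this request actually took. */
static void io_msg_ring_fixed(struct request *req) {
    if (!req->fixed_file)
        io_fput_file(req->file);
}

/* Returns true if the table is left holding a pointer to a freed object. */
static bool table_entry_dangles(bool fixed, bool buggy) {
    struct file_obj f = { .refcount = 1, .freed = false }; /* table's ref */
    struct request req;
    prep(&req, &f, fixed);
    if (buggy) io_msg_ring_buggy(&req); else io_msg_ring_fixed(&req);
    return f.freed;                 /* the table still points at f */
}

int main(void) {
    printf("fixed file,  buggy path: dangling=%d\n", table_entry_dangles(true, true));
    printf("fixed file,  fixed path: dangling=%d\n", table_entry_dangles(true, false));
    printf("normal file, buggy path: dangling=%d\n", table_entry_dangles(false, true));
    return 0;
}
```

Only the combination of a fixed file and the unconditional put leaves the table entry dangling, which is why the flaw is specific to fixed files.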

Source: opennet.ru
