Ubuthathaka (CVE-5.1-2022) ichongiwe ekuphunyezweni kwe-io_uring i-asynchronous input/output interface, ibandakanywe kwi-Linux kernel ukususela ekukhululweni kwe-3910, evumela umsebenzisi ongekho mthethweni ukuba enze ikhowudi ngamalungelo e-kernel. Ingxaki yavela ekukhutshweni kwe-5.18 kunye ne-5.19, kwaye yalungiswa kwisebe le-6.0. I-Debian, i-RHEL kunye ne-SUSE zisebenzisa i-kernel ikhupha ukuya kwi-5.18, i-Fedora, i-Gentoo kunye ne-Arch sele inikezela nge-kernel 6.0. Ubuntu 22.10 isebenzisa i-5.19 kernel esengozini.
Ukuba sesichengeni kubangelwa kukufikelela kwibhloko yenkumbulo esele ikhululwe (ukusetyenziswa-emva-kwesimahla) kwindlela esezantsi ye-io_uring, eyayanyaniswa nohlaziyo olungachanekanga lwekhawunta yereferensi - xa ufowunela io_msg_ring () ngefayile emiselweyo (ibekwe ngokusisigxina kwi-ring buffer), io_fput_file() umsebenzi ubizwa ngempazamo ehlisa ubalo lwereferensi.
umthombo: opennet.ru