Ukuba sengozini (CVE-5.1-2022) kukhonjwe ekusetshenzisweni kwesixhumi esibonakalayo se-io_uring asynchronous input/output, efakwe ku-Linux kernel kusukela ekukhululweni kuka-3910, okuvumela umsebenzisi ongenalo ilungelo ukuthi akhiphe ikhodi enamalungelo e-kernel. Inkinga ivele ekukhishweni okungu-5.18 no-5.19, futhi yalungiswa egatsheni le-6.0. I-Debian, i-RHEL kanye ne-SUSE isebenzisa i-kernel ekhishwa kuze kufike ku-5.18, i-Fedora, i-Gentoo ne-Arch sezivele zinikeza i-kernel 6.0. Ubuntu 22.10 isebenzisa i-5.19 kernel esengozini.
Ukuba sengozini kubangelwa ukufinyelela ibhulokhi yememori eseyivele ikhululiwe (use-after-free) kusistimu engaphansi ye-io_uring, ehlotshaniswa nokubuyekezwa okungalungile kwekhawunta yereferensi - lapho ushayela i-io_msg_ring() ngefayela eligxilile (elitholakala unomphela kusigcinalwazi sendandatho), umsebenzi we-io_fput_file() ubizwa ngephutha ukwehlisa inani lereferensi.
Source: opennet.ru