4042 – [ANCK 5.10] CVE-2022-47946

Bug 4042 - [ANCK 5.10] CVE-2022-47946

Summary: [ANCK 5.10] CVE-2022-47946

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	fs (show other bugs)	fs
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	songkai
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-11 15:05 UTC by songkai
Modified:	2023-02-14 17:29 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description songkai inspur_group

2023-02-11 15:05:07 UTC

Description

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

Comment 1 Joseph Qi alibaba_cloud_group

2023-02-14 10:09:08 UTC

https://gitee.com/anolis/cloud-kernel/pulls/1173

Comment 2 Joseph Qi alibaba_cloud_group

2023-02-14 10:20:48 UTC

(In reply to josephqi from comment #1)
> https://gitee.com/anolis/cloud-kernel/pulls/1173

Please see my comments on PR, and assign me (josephhz) as the reviewer, so that I can merge it into ANCK mainline, thanks.

Comment 3 Joseph Qi alibaba_cloud_group

2023-02-14 17:29:19 UTC

merged