In the Linux kernel, the following vulnerability has been resolved:
io_uring/kbuf: hold io_buffer_list reference over mmap
If we look up the kbuf, ensure that it doesn't get unregistered until
after we're done with it. Since we're inside mmap, we cannot safely use
the io_uring lock. Rely on the fact that we can lookup the buffer list
under RCU now and grab a reference to it, preventing it from being
unregistered until we're done with it. The lookup returns the
io_buffer_list directly with it referenced.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-19T08:34:37.262Z
Updated: 2024-08-02T03:21:48.591Z
Reserved: 2024-05-17T13:50:33.111Z
Link: CVE-2024-35880
Vulnrichment
Updated: 2024-05-23T19:01:24.769Z
NVD
Status : Awaiting Analysis
Published: 2024-05-19T09:15:09.283
Modified: 2024-05-20T13:00:04.957
Link: CVE-2024-35880
Redhat