An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations. Reference: https://bugs.chromium.org/p/project-zero/issues/detail?id=2011 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d30cdfbca316dadd099c3ca0d739c
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1903293]
This was fixed for Fedora with the 5.6 kernel rebases.
*** This bug has been marked as a duplicate of bug 1875818 ***