A flaw was found in the io-workqueue implementation in the Linux kernel. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This allows a local user with permissions to execute io-uring requests to possible crash the system.
Red Hat has not implemented io-uring in any shipping products however it appears to be enabled in the Fedora Project.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2026810]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This was fixed for Fedora with the 5.14.6 stable kernel updates.