Bug 2007567 (CVE-2021-41073) - CVE-2021-41073 kernel: local user privilege escalation via loop_rw_iter in fs/io_uring.c
Summary: CVE-2021-41073 kernel: local user privilege escalation via loop_rw_iter in fs...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-41073
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2007568 2008611
Blocks: 2007569
TreeView+ depends on / blocked
 
Reported: 2021-09-24 09:47 UTC by Marian Rehak
Modified: 2022-04-17 21:35 UTC (History)
45 users (show)

Fixed In Version: Linux kernel 5.15rc2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in loop_rw_iter in fs/io_uring.c in the Linux kernel. This problem gives the ability to a local user with a normal user privilege to free a user-defined kernel space buffer.
Clone Of:
Environment:
Last Closed: 2021-09-30 09:53:32 UTC


Attachments (Terms of Use)

Description Marian Rehak 2021-09-24 09:47:22 UTC
loop_rw_iter in fs/io_uring.c in the Linux kernel allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer.

External reference:

https://www.openwall.com/lists/oss-security/2021/09/18/2

Comment 1 Marian Rehak 2021-09-24 09:50:30 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2007568]

Comment 4 Rohit Keshri 2021-09-28 17:05:09 UTC
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.


Note You need to log in before you can comment on or make changes to this bug.