Skip to content

io_uring race-condition LPE (CVE-2024-0582)

Aynı bug/CVE (CVE-2024-0582): bkz. canonical not. (Not: bu aslında bir race değil, IOU_PBUF_RING_MMAP provided-buffer ring'inin lifetime/refcount UAF'ıdır.)

Mechanism

Aynı io_uring provided-buffer ring page-level use-after-free'i; tam mekanizma için bkz. io_uring provided-buffer ring UAF (CVE-2024-0582).

Walkthrough

Tam walkthrough canonical not'ta: io_uring provided-buffer ring UAF (CVE-2024-0582).

References