CVE-2022-49791

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix multishot accept request leaks

Having REQ_F_POLLED set doesn't guarantee that the request is executed as a multishot from the polling path. Fortunately for us, if the code thinks it's multishot issue when it's not, it can only ask to skip completion so leaking the request. Use issue_flags to mark multipoll issues.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux390ed29b5e425ba00da2b6113b74a14949f71b02 < 0e4626de856ef8f25ecd9c716e76d4f95ce95639affected
LinuxLinux390ed29b5e425ba00da2b6113b74a14949f71b02 < 91482864768a874c4290ef93b84a78f4f1dac51baffected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.0.10 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References