loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
https://www.openwall.com/lists/oss-security/2021/09/18/2 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.7&id=71e32edd2210d0304e93ac110814b5a4b3a81dc0 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.68&id=ce8f81b76d3bef7b9fe6c8f84d029ab898b19469