You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The io_uring subsystem allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/PID/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel.
The io_uring subsystem allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/PID/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel.