В ядре Linux устранена следующая уязвимость:
io_uring/rw: free potentially allocated iovec on cache put failure
If a read/write request goes through io_req_rw_cleanup() and has an
allocated iovec attached and fails to put to the rw_cache, then it may
в конечном итоге получим неучтенный указатель iovec. Вернуть io_rw_recycle()
whether it recycled the request or not, and use that to gauge whether to
освободить потенциальный iovec или нет.
Показать оригинальное описание (EN)
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iovec pointer. Have io_rw_recycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.