ASA-202102-25
Arch Linux Security Advisory ASA-202102-24
==========================================

Severity: Medium
Date    : 2021-02-09
CVE-ID  : CVE-2021-20226
Package : linux-hardened
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-1557

Summary
=======

The package linux-hardened before version 5.10.1.a-1 is vulnerable to
privilege escalation.

Resolution
==========

Upgrade to 5.10.1.a-1.

# pacman -Syu "linux-hardened>=5.10.1.a-1"

The problem has been fixed upstream in version 5.10.1-a.

Workaround
==========

None.

Description
===========

A use-after-free flaw was found in io_grab_files in fs/io_uring.c in io_uring
I/O access. This flaw could allow a local attacker with user privileges to
crash the system at the IORING_OP_CLOSE operation, where a file reference
counter was not incremented while in use. This vulnerability could even lead
to a kernel information leak.

Impact
======

An attacker can escalate privileges on the system by abusing io_uring
descriptor initialization.

References
==========

https://bugzilla.redhat.com/show_bug.cgi?id=1873476
https://seclists.org/oss-sec/2021/q1/111
https://www.zerodayinitiative.com/advisories/ZDI-21-001/
https://access.redhat.com/security/cve/CVE-2021-20226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20226
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=233295130e53c8dfe6dbef3f52634c3f7e44cd6a
https://security.archlinux.org/CVE-2021-20226
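
The Description attributes the flaw to a file reference counter that was not incremented while the file was in use. The following is an added example, not code from the advisory or from fs/io_uring.c: a simplified user-space model of that bug class, in which every name (toy_file, toy_req, scenario) is hypothetical and a `released` flag stands in for the actual free so the stale access can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy model of a reference-counted file object. */
struct toy_file {
    int  refs;      /* number of live references */
    bool released;  /* set when refs reaches 0; stands in for the free */
};

static void toy_get(struct toy_file *f) { f->refs++; }

static void toy_put(struct toy_file *f)
{
    if (--f->refs == 0)
        f->released = true;  /* real code would free the object here */
}

/* A queued request that touches the file later, as deferred work does. */
struct toy_req {
    struct toy_file *file;
    bool holds_ref;
};

/* pin == false: pointer borrowed without a reference (the flawed pattern).
 * pin == true : reference taken for the lifetime of the request (the fix). */
static void toy_queue(struct toy_req *r, struct toy_file *f, bool pin)
{
    if (pin)
        toy_get(f);
    r->file = f;
    r->holds_ref = pin;
}

/* Returns true if the request ran against a live object, false if the
 * object had already been released (the use-after-free condition). */
static bool toy_run(struct toy_req *r)
{
    bool live = !r->file->released;
    if (r->holds_ref)
        toy_put(r->file);    /* drop the request's own reference */
    return live;
}

/* The owner closes the file between queueing and execution. */
static bool scenario(bool pin)
{
    struct toy_file f = { .refs = 1, .released = false };
    struct toy_req r;
    toy_queue(&r, &f, pin);
    toy_put(&f);             /* owner's close drops its reference */
    return toy_run(&r);
}

int main(void)
{
    printf("unpinned request saw live object: %d\n", scenario(false));
    printf("pinned request saw live object:   %d\n", scenario(true));
    return 0;
}
```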