denisse-dev/ASA-202102-25

## ASA-202102-25
Arch Linux Security Advisory ASA-202102-24
==========================================

Severity: Medium
Date    : 2021-02-09
CVE-ID  : CVE-2021-20226
Package : linux-hardened
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-1557

Summary
=======

The package linux-hardened before version 5.10.1.a-1 is vulnerable to
privilege escalation.

Resolution
==========

Upgrade to 5.10.1.a-1.

# pacman -Syu "linux-hardened>=5.10.1.a-1"

The problem has been fixed upstream in version 5.10.1-a.

Workaround
==========

None.

Description
===========

A use-after-free flaw was found in io_grab_files in fs/io_uring.c in io_uring
I/O access. This flaw could allow a local attacker with a user privilege to
crash the system at device IORING_OP_CLOSE operation where a file reference
counter was not incremented while in use. This vulnerability could even lead
to a kernel information leak problem.

Impact
======

An attacker can escalate privileges on the system through via abusing
io_uring descriptor initialization.

References
==========

https://bugzilla.redhat.com/show_bug.cgi?id=1873476
https://seclists.org/oss-sec/2021/q1/111
https://www.zerodayinitiative.com/advisories/ZDI-21-001/
https://access.redhat.com/security/cve/CVE-2021-20226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20226
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=233295130e53c8dfe6dbef3f52634c3f7e44cd6a
https://security.archlinux.org/CVE-2021-20226
	Arch Linux Security Advisory ASA-202102-24
	==========================================

	Severity: Medium
	Date : 2021-02-09
	CVE-ID : CVE-2021-20226
	Package : linux-hardened
	Type : privilege escalation
	Remote : No
	Link : https://security.archlinux.org/AVG-1557

	Summary
	=======

	The package linux-hardened before version 5.10.1.a-1 is vulnerable to
	privilege escalation.

	Resolution
	==========

	Upgrade to 5.10.1.a-1.

	# pacman -Syu "linux-hardened>=5.10.1.a-1"

	The problem has been fixed upstream in version 5.10.1-a.

	Workaround
	==========

	None.

	Description
	===========

	A use-after-free flaw was found in io_grab_files in fs/io_uring.c in io_uring
	I/O access. This flaw could allow a local attacker with a user privilege to
	crash the system at device IORING_OP_CLOSE operation where a file reference
	counter was not incremented while in use. This vulnerability could even lead
	to a kernel information leak problem.

	Impact
	======

	An attacker can escalate privileges on the system through via abusing
	io_uring descriptor initialization.

	References
	==========

	https://bugzilla.redhat.com/show_bug.cgi?id=1873476
	https://seclists.org/oss-sec/2021/q1/111
	https://www.zerodayinitiative.com/advisories/ZDI-21-001/
	https://access.redhat.com/security/cve/CVE-2021-20226
	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20226
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=233295130e53c8dfe6dbef3f52634c3f7e44cd6a
	https://security.archlinux.org/CVE-2021-20226