Preface: This vulnerability has been identified as CVE-2022-1043 since 03/22/2022. The problem was fixed on 21st Aug 2022 (see below):
io_uring: fix xa_alloc_cycle() error return value check
We currently check for ret != 0 to indicate error, but ‘1’ is a valid return and just indicates that the allocation succeeded with a wrap. Correct the check to be for < 0, like it was before the xarray conversion.
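The return-value convention the commit message describes, modelled in userspace as an added example (this is not the kernel's code or the patch itself). The names `toy_alloc_cycle`, `register_buggy`, `register_fixed` and `wrap_mismatch` are hypothetical, and the four-slot table is constructed sample data.

```c
#include <errno.h>
#include <stdio.h>

#define TOY_SLOTS 4                      /* constructed: tiny ID space, wraps quickly */
struct toy_table { void *slot[TOY_SLOTS]; unsigned int next; };

/* Hypothetical model, not kernel code: 0 = stored, 1 = stored after wrap, <0 = errno. */
static int toy_alloc_cycle(struct toy_table *t, void *entry)
{
    for (unsigned int i = 0; i < TOY_SLOTS; i++) {
        unsigned int pos = t->next + i, idx = pos % TOY_SLOTS;
        if (t->slot[idx]) continue;      /* slot in use, keep searching */
        t->slot[idx] = entry;
        t->next = idx + 1;
        return pos >= TOY_SLOTS;         /* 1 when the search wrapped */
    }
    return -EBUSY;                       /* every slot is taken */
}

/* Pre-fix check: ret == 1 takes the error path although the entry is stored. */
static int register_buggy(struct toy_table *t, void *entry)
{
    return toy_alloc_cycle(t, entry) != 0 ? -1 : 0;
}

/* Post-fix check: only a negative return is an error. */
static int register_fixed(struct toy_table *t, void *entry)
{
    return toy_alloc_cycle(t, entry) < 0 ? -1 : 0;
}

/* Fill the table, free ID 0, register again so the search wraps.
 * Returns 1 if the caller reported failure while the table kept the entry. */
static int wrap_mismatch(int use_fixed)
{
    static int objs[TOY_SLOTS + 1];      /* constructed sample entries */
    struct toy_table t = { {0}, 0 };
    for (int i = 0; i < TOY_SLOTS; i++)
        toy_alloc_cycle(&t, &objs[i]);
    t.slot[0] = NULL;                    /* ID 0 is released */
    int rc = (use_fixed ? register_fixed : register_buggy)(&t, &objs[TOY_SLOTS]);
    return rc < 0 && t.slot[0] == (void *)&objs[TOY_SLOTS];
}

int main(void)
{
    printf("ret != 0 check: failure reported with entry stored = %d\n", wrap_mismatch(0));
    printf("ret <  0 check: failure reported with entry stored = %d\n", wrap_mismatch(1));
}
```

With the `!= 0` check the caller and the table disagree about whether the entry exists, so any cleanup the caller performs on its error path leaves a stale reference behind in the table.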
Background: io_uring (previously known as aioring) is a Linux kernel system call interface for asynchronous I/O operations on storage devices. It addresses performance issues with similar interfaces provided by functions like read() / write() or aio_read() / aio_write() etc., which operate on data accessed by file descriptors.
On Linux, the set of file descriptors open in a process can be accessed under the path /proc/PID/fd/, where PID is the process identifier. File descriptor /proc/PID/fd/0 is stdin, /proc/PID/fd/1 is stdout, and /proc/PID/fd/2 is stderr.
For example, in Fedora, the file descriptor is located at /dev.
Vulnerability details: A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
In some operating systems, including Unix and Linux, a pseudoterminal, pseudotty, or PTY is a pair of pseudo-device endpoints (files) which establish an asynchronous, bidirectional communication (IPC) channel (with two ports) between two or more processes. For example, before starting SAP® Sybase® Adaptive Server Enterprise, a system engineer needs to verify that there are sufficient system resources for kernel asynchronous I/O.
Therefore, if CVE-2022-1043 occurs, the impact will be huge. Maybe that’s why the announcement was delayed until after the fix.
Details of the official fix are shown in the link below:
Official details: https://nvd.nist.gov/vuln/detail/CVE-2022-1043