CVE-2022-40476: If you use io_uring to optimize your Redis, you should stay alert! (15th Sep 2022)

Preface: Dereferencing a null pointer is undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code.

Background: io_uring (previously known as aioring) is a Linux kernel system call interface for storage device asynchronous I/O operations addressing performance issues with similar interfaces provided by functions like read()/write() or aio_read()/aio_write() etc. for operations on data accessed by file descriptors.

Vulnerability details: A null pointer dereference issue was discovered in fs/io_uring[.]c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

Reminder: In the moment, open source developer did not had good way to completely fix the destructive RMW (unless we go full scrub for each partial write), But the fix thet test can be limited the damage .

Software developer announcement:
Although we have no good way to completely fix the destructive RMW (unless we go full scrub for each partial write), we can still limit the damage.
With patch “btrfs: only write the sectors in the vertical stripe which has data stripes” now we won’t really submit the P/Q of unrelated vertical stripes, so the on-disk P/Q should still be fine.


  • btrfs is a modern copy on write (CoW) filesystem for Linux aimed at implementing advanced features while also focusing on fault tolerance or repair.
  • destructive read-modify-write (RMW)

Related details reference link:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.