Jens Axboe

11 exploits. Active since Sep 2008.
CVE-2012-0879 (writeup, severity: MEDIUM)
Linux Kernel < 2.6.33 - Denial of Service via CLONE_IO Feature
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
CVSS 5.5
CVE-2022-1043 (writeup, severity: HIGH)
io_uring Same Type Object Reuse Priv Esc
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
CVSS 8.8
CVE-2022-29582 (writeup, severity: HIGH)
Linux Kernel < 5.17.3 - Use-After-Free via io_uring Timeout Race Condition
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
CVSS 7.0
CVE-2022-3910 (writeup, severity: HIGH)
Linux Kernel 5.18-5.19.10 - Use-After-Free in io_uring Fixed File Handling
Use-after-free vulnerability in the Linux kernel allows privilege escalation. An improper update of a reference count in io_uring leads to use-after-free and local privilege escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file(), which improperly decreased its reference count (leading to use-after-free and local privilege escalation). Fixed files are permanently registered to the ring and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
CVSS 7.8
CVE-2018-11506 (writeup, severity: HIGH)
Linux Kernel 4.11-4.16.12 - Stack-Based Buffer Overflow in sr_do_ioctl
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.
CVSS 7.8
CVE-2018-5344 (writeup, severity: HIGH)
Linux Kernel < 4.14.13 - Use-After-Free in Loop Device Release
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVSS 7.8
CVE-2020-12657 (writeup, severity: HIGH)
Linux Kernel < 5.6.5 - Use-After-Free in bfq_idle_slice_timer_body
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
CVSS 7.8
CVE-2022-4127 (writeup, severity: MEDIUM)
Linux Kernel - Denial of Service via NULL Pointer Dereference in io_files_update_with_index_alloc
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.
CVSS 5.5
CVE-2023-0240 (writeup, severity: HIGH)
Linux Kernel < 5.10 - Use-After-Free in io_uring
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function, the assumption that the last io_grab_identity call cannot return false is not true; in that case the function will use the init_cred or the previous linked request's identity to do operations instead of using the current identity. This can lead to reference counting issues causing a use-after-free. We recommend upgrading past version 5.10.161.
CVSS 7.8
CVE-2023-46862 (writeup, severity: MEDIUM)
Linux Kernel < 6.5.9 - Info Disclosure
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.
CVSS 4.7
CVE-2008-4302 (ExploitDB, severity: MEDIUM, text, working PoC)
Linux Kernel < 2.6.22.2 - Denial of Service via Splice Subsystem Page Unlock
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVSS 5.5