ghsa-qrxq-fh5p-2v4x
Vulnerability from github
Published
2025-05-01 15:31
Modified
2025-05-01 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix multishot accept request leaks

Having REQ_F_POLLED set doesn't guarantee that the request is executed as a multishot from the polling path. Fortunately for us, if the code thinks it's multishot issue when it's not, it can only ask to skip completion so leaking the request. Use issue_flags to mark multipoll issues.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49791"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:02Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix multishot accept request leaks\n\nHaving REQ_F_POLLED set doesn\u0027t guarantee that the request is\nexecuted as a multishot from the polling path. Fortunately for us, if\nthe code thinks it\u0027s multishot issue when it\u0027s not, it can only ask to\nskip completion so leaking the request. Use issue_flags to mark\nmultipoll issues.",
  "id": "GHSA-qrxq-fh5p-2v4x",
  "modified": "2025-05-01T15:31:46Z",
  "published": "2025-05-01T15:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49791"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e4626de856ef8f25ecd9c716e76d4f95ce95639"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91482864768a874c4290ef93b84a78f4f1dac51b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.