Re: CVE-2022-2602 - Linux kernel io_uring UAF

[Adam Reynolds <adamajreynolds () gmail com>]

On Mon, Nov 7, 2022 at 7:30 AM John Smith <smitchj013 () outlook com> wrote:
> Hello.
>
> Do anyone try this PoC? On my side it's not working on 5.4, 5.10 and 5.15 with KASAN on. KASAN is quiet.  Any ideas?
>
> 27.10.2022, 21:05, "Thadeu Lima de Souza Cascardo" <cascardo () canonical com>:
> > On Tue, Oct 18, 2022 at 01:59:51PM -0300, Thadeu Lima de Souza Cascardo wrote:
> >
> >     Sorry about posting this late, but here it is.
> >     poc.c
> >     Cascardo.

I ran this against both 5.15.68 and 6.1-rc2 and did not see this, only
a memory leak reported by asan:

adreynol@ADAM-HOMEDESK ~> sudo ./uaf_iouring

=================================================================
==182==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x4cfa97 in __interceptor_malloc
(/home/adreynol/uaf_iouring+0x4cfa97) (BuildId:
2e78344ef59fbab75b1384f5e47ad697da629367)
    #1 0x512dac in main (/home/adreynol/uaf_iouring+0x512dac)
(BuildId: 2e78344ef59fbab75b1384f5e47ad697da629367)
    #2 0x7fb49165150f in __libc_start_call_main
(/lib64/libc.so.6+0x2950f) (BuildId:
85c438f4ff93e21675ff174371c9c583dca00b2c)

SUMMARY: AddressSanitizer: 120 byte(s) leaked in 1 allocation(s).