Public bug reported:

[Impact]
io_uring has been an important attack vector in recent years in local privilege escalation attacks. Allowing admins that don't use io_uring to disable it in their systems allows them to reduce their attack surface.

[Test case]
sysctl -w kernel.io_uring_disabled=1
then try to use io_uring from an unprivileged user, then try it with privileges (CAP_SYS_ADMIN)

[Potential regression]
Users can be denied from using io_uring.

** Affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: linux (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Affects: linux (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Affects: linux (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Affects: linux (Ubuntu Mantic)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/2035116

Title:
  allow io_uring to be disabled in runtime
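The test case in the report can be checked with a small probe. The following is an added example, not part of the bug report or of the Ubuntu kernel tree. It assumes the upstream meaning of the sysctl values (0 = allowed, 1 = denied without CAP_SYS_ADMIN, 2 = denied for everyone) and that the caller is not a member of a group configured in kernel.io_uring_group; all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425 /* value on x86_64 and arm64 */
#endif

enum verdict { IOURING_ALLOWED, IOURING_DENIED, IOURING_UNSUPPORTED, IOURING_ERROR };

/* Map a raw syscall result to a verdict (a seccomp filter can also return EPERM). */
enum verdict classify(long ret, int err) {
    if (ret >= 0) return IOURING_ALLOWED;
    if (err == EPERM) return IOURING_DENIED;
    if (err == ENOSYS) return IOURING_UNSUPPORTED;
    return IOURING_ERROR;
}

/* Expected result for a sysctl value; a missing knob (-1) behaves like 0. */
enum verdict expected(int disabled, int has_cap_sys_admin) {
    if (disabled <= 0) return IOURING_ALLOWED;
    if (disabled == 1) return has_cap_sys_admin ? IOURING_ALLOWED : IOURING_DENIED;
    return IOURING_DENIED; /* assumed upstream value 2: denied for all */
}

/* Read an integer sysctl from procfs; -1 if the knob does not exist. */
int read_sysctl(const char *path) {
    int v = -1;
    FILE *f = fopen(path, "r");
    if (f) { if (fscanf(f, "%d", &v) != 1) v = -1; fclose(f); }
    return v;
}

/* Try to create a 4-entry ring; the buffer is a zeroed 120-byte io_uring_params. */
enum verdict probe(void) {
    unsigned long long params[15];
    memset(params, 0, sizeof params);
    long fd = syscall(__NR_io_uring_setup, 4, params);
    int err = errno;
    if (fd >= 0) close((int)fd);
    return classify(fd, err);
}

int main(void) {
    static const char *name[] = { "allowed", "denied (EPERM)", "unsupported (ENOSYS)", "other error" };
    printf("kernel.io_uring_disabled=%d euid=%d io_uring_setup: %s\n",
           read_sysctl("/proc/sys/kernel/io_uring_disabled"), (int)geteuid(), name[probe()]);
    return 0;
}
```

Run it once as an unprivileged user and once with CAP_SYS_ADMIN (for example under sudo) after setting the sysctl, and compare each printed result with what `expected()` gives for that case.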