CVE-2019-19241

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.2

Description The issue is related to the io uring feature in the Linux kernel, which can lead to requests being executed with UID 0 and full capabilities, even when initiated by an unprivileged user. This can allow an attacker to bypass intended restrictions, such as adding an IPv4 address to the loopback interface. The problem arises because IORING OP SENDMSG operations are sometimes performed by a kernel worker thread without considering the context of the requesting user. The estimated number of potentially affected devices is not provided.

Recommendations For Linux kernel versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the io uring feature until a patch is available.