
Jayden Rivers

#39306 of 53,632
7 Total CVSS
Vulnerabilities · 1
PT-2022-1370
7.0
2022-04-08
Linux · Linux Kernel · CVE-2022-29582
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 5.17.3

**Description**

The issue is a use-after-free vulnerability in the fs/io_uring.c file of the Linux kernel's io_uring subsystem, caused by a race condition in io_uring timeouts. It can be triggered by a local user without access to any user namespace, potentially allowing the attacker to cause a denial of service or escalate privileges. Because exploitation depends on winning the race, it can succeed only infrequently. A detailed exploit has been described that leverages a cross-cache attack and msg_msg spraying to overwrite a tls_context object and execute a ROP chain to gain root.

**Recommendations**

For Linux kernel versions prior to 5.17.3, update to version 5.17.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the io_uring subsystem until a patch is applied. Avoid using the io_uring timeouts feature in the affected kernel versions until the issue is resolved.