Querijn Voet

**Name of the Vulnerable Software and Affected Versions** Linux Kernel versions prior to the commit ef7dfac51d8ed961b742218f526bd589f3900a59 Linux Kernel 5.10 versions prior to 4716c73b188566865bdd79c3a6709696a224ac04 Linux Kernel 5.15 versions prior to 0e388fce7aec40992eadee654193cad345d62663 **Description** A use-after-free vulnerability in the Linux Kernel io uring subsystem can be exploited to achieve local privilege escalation. Racing a `io uring` cancel poll request with a linked timeout can cause a UAF in a `hrtimer`. This issue allows an attacker to potentially gain elevated privileges on a system. **Recommendations** Upgrade past commit ef7dfac51d8ed961b742218f526bd589f3900a59 to fix the issue. For Linux Kernel 5.10, upgrade past commit 4716c73b188566865bdd79c3a6709696a224ac04. For Linux Kernel 5.15, upgrade past commit 0e388fce7aec40992eadee654193cad345d62663. As a temporary workaround, consider restricting access to the `io uring` subsystem until a patch is available.