CVE-2024-53187

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-next-20241118-syzkaller

Description The issue is related to the io uring feature in the Linux kernel, where the io pin pages function does not properly check for overflows. The uaddr parameter of io pin pages() comes directly from the user and can contain garbage data, which can lead to overflows if size is simply added to it. This can cause problems in the io uaddr map function and other related functions like io rings map and io allocate scq urings.

Recommendations For Linux kernel versions prior to 6.12.0-next-20241118-syzkaller, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the io uring feature to minimize the risk of exploitation. Additionally, avoid using the uaddr parameter in the affected functions until the issue is resolved. At the moment, there is no information about other specific mitigation measures.