PT-2025-3309 · Linux · Linux Kernel

Published: 2025-01-06 · Updated: 2025-01-31 · CVE-2024-56762

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A use-after-free vulnerability has been identified in the Linux kernel's io_uring/sqpoll component. This issue arises due to error handling races and can be triggered when io_uring_alloc_task_context() fails, allowing io_sq_thread() to run and complete before the rest of the error handling code. The vulnerability requires fault injection on the allocation side to be exploited in practice.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting the use of the io_uring/sqpoll component until a patch is available.

Related Identifiers

CVE-2024-56762
MGASA-2025-0030
MGASA-2025-0032

Affected Products

Linux Kernel