tags: io_uring, linux, lpe, uaf
original link: Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu
newsletter link: exploits.club Weekly Newsletter 14


Exploits Club Summary:

@XI_Research put out a new post this week detailing exploitation of CVE-2024-0582, a UAF in io_uring. The blog notes the bug was originally patched back in December of 2023, but wasn’t brought to the Ubuntu kernel until late February. The post then dives into a brief overview of io_uring, a root-cause analysis of the vulnerability, and the data-only exploit written by the team.