In the Linux kernel detected Vulnerability (Cve-2021-41073 ), allowing the local user to raise its privileges in the system. The problem is caused by an error in implementing the IO_URING asynchronous I / O interface, leading to an appeal to an already liberated memory block. It is noted that the researcher managed to achieve the release of memory for a given displacement when manipulating with the LOOP_RW_ITER () function from an unprivileged user, which makes it possible to create a working exploit. The problem is still eliminated only in the form of patch which is boopported into stable nuclear branches, but the update has not yet been released.
/Media reports.