In the implementation of the interface of asynchronous input/output IO_URING, which is part of the Linux nucleus starting from the release of 5.1, it was revealed vulnerability ( cve-2022-29582 ), allowing an unwilling user to obtain Root rights in the system, including when starting an exploit from a container. Vulnerability is caused by the appeal to the already released memory block, manifests itself in Linux nuclei from 5.10 and google cos (Container optimized OS), based on Chromium OS and Google Cloud Platform in virtual machines Compute Engine. Exploit is designed to work with the branches of the nucleus from 5.10 to 5.12.
/Media reports.