Google has announced that it will disable the default asynchronous interface, Input/output io_uring, on ChromeOS, Android and working servers due to security concerns. The possibility of disconnecting IO_ARING by default at gke autopilot (Google Kubernetes Engine) has also been added. While using IO_URING can boost productivity, the deplorable security situation outweighs its benefits.
The KCTF Vulnerabilities Rewards Program, which provides monetary rewards for identifying vulnerabilities in the Linux nucleus, revealed that 60% of the applications received in the program operate using Io_uring, and the situation remains constant over time. In total, rewards of about one million dollars were paid for exploits associated with Io_uring despite the total amount of remuneration paid for vulnerabilities in the Linux nucleus throughout the initiative’s existence being about $1.8 million for 42 exploitations.
To enhance the safety of the Linux nucleus used in the reference environment, Google used several measures last year, such as protecting against damage to the structure of Freelist, forbidding entry outside the buffer in SLAB, and implementing blocking of attacks associated with the joint use of the cache. However, these changes did not affect the possibility of exploiting vulnerabilities in IO_URING, which has pushed Google to stop supporting io_uring in its products. In ChromeOS, support for IO_URING has been disabled.