CVE-2021-20226: a reference counting bug which leads to local privilege escalation in io_uring

Submitted by Style Pass, 2021-06-21 19:00:10

In this article, I would like to give you a technical description of CVE-2021-20226 (ZDI-2021-001), which was published previously. I discovered this vulnerability and reported it to the vendor via the Zero Day Initiative. This article is not intended to inform you of the dangers of vulnerabilities, but to share tips from a technical point of view.

An overview of the vulnerabilities and attack methods can be found at the links below. This blog will explain in a little more detail.

If you have any questions or find any mistakes, I’d appreciate it if you could contact me individually. The code in this article basically refers to the Linux kernel source code at version 5.6.19.

io_uring is one of the actively updated features as of 2021, and the information changes as the version changes (many changes have been made since the time I discovered it). Therefore, please note that the information is not up-to-date even at the time of writing the blog.

Please refer to some blogs/slides posted on the Internet for specs and detailed descriptions from the user’s perspective. From here, I will continue to explain the outline of io_uring on the assumption that you understand it.
