Linux Kernel · Mainline Patch

io_uring/zcrx

user_ref race → double-free → OOB write

Status: Mainline 7.0-rc1
Subsystem: io_uring/zcrx
Process: Standard maintainer review

Summary

io_uring/zcrx contains a user_ref race that leads to a double-free and, from there, an out-of-bounds (OOB) write. The issue was reported and root-cause analyzed, and a patch was submitted, accepted, and merged into Linus's tree through the standard kernel maintainer process. Status: Mainline 7.0-rc1 · backports 6.18.16 + 6.19.6.

References

Authoritative sources for the patch and discussion:

Context

This patch is one of five mainline contributions spanning networking, IPC, Bluetooth, RDMA, and io_uring. For broader vulnerability research see 23 published CVEs and research.

Author
Kai Aizen
Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.