A time-of-check to time-of-use issue exists in io_uring subsystems IORING_OP_CLOSE operation in the Linux kernels versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 5.6 (including) | 5.10.162 (excluding) |
Linux_kernel | Linux | 5.11 (including) | 5.11.6 (excluding) |