CVE-2021-47504 affects the Linux kernel's io_uring subsystem, specifically the `io_uring_cancel_generic()` function. When a work item is canceled, it may still need to be processed through task_work; if that processing is not done, the system can enter an uninterruptible sleep state, leading to a warning and a lack of forward progress.

The issue arises because, when a work item is successfully canceled, the kernel may not ensure that the associated task_work is run as part of the cancelation. This can cause the system to sleep uninterruptibly in `io_uring_cancel_generic()` without ever processing the task_work, which leads to the warning and lack of forward progress described above.

The vulnerability has been fixed in Linux kernel versions 5.15.8 and 5.16, by commits 8e12976c0c19 and 78a780602075, respectively. The fix ensures that task_work is run as part of cancelations, preventing the uninterruptible sleep state and the warning. The affected file is `fs/io_uring.c`.