cve/published/2023/CVE-2023-52926.diff - pub/scm/linux/security/vulns - Git at Google

 --- a	2025-02-24 09:58:50.683828332 +0100
 +++ b	2025-02-24 09:58:55.264968472 +0100
 @@ -1,6 +1,6 @@
  In the Linux kernel, the following vulnerability has been resolved:

 -io_uring/rw: split io_read() into a helper
 -
 -Add __io_read() which does the grunt of the work, leaving the completion
 -side to the new io_read(). No functional changes in this patch.
 +IORING_OP_READ did not correctly consume the provided buffer list when
 +read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return).
 +This can lead to a potential use-after-free when the completion via
 +io_rw_done runs at separate context.
	--- a 2025-02-24 09:58:50.683828332 +0100
	+++ b 2025-02-24 09:58:55.264968472 +0100
	@@ -1,6 +1,6 @@
	In the Linux kernel, the following vulnerability has been resolved:

	-io_uring/rw: split io_read() into a helper
	-
	-Add __io_read() which does the grunt of the work, leaving the completion
	-side to the new io_read(). No functional changes in this patch.
	+IORING_OP_READ did not correctly consume the provided buffer list when
	+read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return).
	+This can lead to a potential use-after-free when the completion via
	+io_rw_done runs at separate context.