Linux Kernel Out-of-Bounds Read Vulnerability in io_uring SQE_MIXED Wrap Check

Vulnerability

An out-of-bounds read vulnerability has been identified in the Linux kernel's io_uring implementation, specifically in the SQE_MIXED wrap check. On an IORING_SETUP_SQE_MIXED ring in the stable Linux kernel, the second half of a 128-byte Submission Queue Entry (SQE) could extend beyond the end of the sq_sqes array. This happens because the existing wrap check logic fails to account for all iterations, allowing for potential memory access errors.
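
The boundary condition described above, as an added C example that is not the kernel's code and is not taken from the patch: a user-space model that only computes offsets and never dereferences them. The function names, the 8-slot ring, and the idea that the incomplete check covers only the first entry of a batch are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define SLOT_BYTES 64u  /* one normal SQE; a 128-byte SQE spans two slots */

/* A 128-byte entry starting at slot idx also needs slot idx + 1 to exist. */
static int big_entry_fits(unsigned idx, unsigned entries)
{
    return idx + 1 < entries;
}

/*
 * Walk n queued entries starting at ring position head (entries is a power
 * of two). is_big[i] != 0 marks a 128-byte entry. Hypothetical model: offsets
 * are computed, nothing is read.
 * Returns -1 if the batch is rejected, otherwise the largest number of bytes
 * any entry would reach past the end of the array (0 means safe).
 * check_each == 0 models a wrap check applied to the first entry only.
 */
static long walk_batch(unsigned entries, unsigned head,
                       const int *is_big, unsigned n, int check_each)
{
    size_t array_bytes = (size_t)entries * SLOT_BYTES;
    long worst = 0;

    for (unsigned i = 0; i < n; i++) {
        unsigned idx = head & (entries - 1);
        size_t len = is_big[i] ? 2 * SLOT_BYTES : SLOT_BYTES;
        size_t end = (size_t)idx * SLOT_BYTES + len;

        if (is_big[i] && (check_each || i == 0) && !big_entry_fits(idx, entries))
            return -1;
        if (end > array_bytes && (long)(end - array_bytes) > worst)
            worst = (long)(end - array_bytes);
        head += is_big[i] ? 2 : 1;
    }
    return worst;
}

int main(void)
{
    /* Constructed batch: two 64-byte entries, then a 128-byte entry that
     * lands on the last slot of an 8-slot ring. */
    const int batch[] = { 0, 0, 1 };

    printf("first-entry check only: %ld bytes past end\n", walk_batch(8, 5, batch, 3, 0));
    printf("check on every entry:   %ld (rejected)\n", walk_batch(8, 5, batch, 3, 1));
    return 0;
}
```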

Impact

Exploitation of this vulnerability results in an out-of-bounds read, which could expose sensitive information from memory or cause a denial-of-service condition by crashing the system.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.

Added: Apr 22, 2026, 3:12 PM
Updated: Apr 22, 2026, 3:12 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 6.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.