Linux: privilege escalation via io_uring offload of sendmsg() onto kernel thread with kernel creds. As I understand, this is only in 5.3+, fixed in 5.3.15 and 5.4.2
https://bugs.chromium.org/p/project-zero/issues/detail?id=1975
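
A defender-side check built on the version numbers given in the post above, as an added example that is not part of the original post or the linked report: it classifies a kernel release string as `affected`, `fixed`, `not-affected` or `unknown`. The function name and sample release strings are made up for illustration; it assumes upstream version numbering (distribution kernels may backport the fix without changing the version) and assumes releases after 5.4 carry the fix.

```shell
#!/bin/sh
# Added example. Ranges come from the post: present from 5.3,
# fixed in 5.3.15 and 5.4.2.

io_uring_creds_status() {   # hypothetical helper name
    rel=$1
    # Keep the leading numeric part: "5.3.0-26-generic" -> "5.3.0"
    ver=${rel%%[!0-9.]*}
    old_ifs=$IFS
    IFS=.
    set -- $ver             # split on dots into major, minor, patch
    IFS=$old_ifs
    major=${1:-}
    minor=${2:-}
    patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown        # could not parse a major.minor pair
        return 0
    fi
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 3 ]; }; then
        echo not-affected   # older than 5.3
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 3 ]; then
        if [ "$patch" -lt 15 ]; then echo affected; else echo fixed; fi
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 4 ]; then
        if [ "$patch" -lt 2 ]; then echo affected; else echo fixed; fi
    else
        echo fixed          # assumption: releases after 5.4 include the fix
    fi
}

# Running kernel first, then constructed sample release strings.
for r in "$(uname -r)" 5.3.0-26-generic 5.3.15 5.4.1-arch1-1 5.4.2 4.19.0-6-amd64; do
    printf '%-20s %s\n' "$r" "$(io_uring_creds_status "$r")"
done
```

An `affected` result on a distribution kernel is a prompt to check the vendor's advisory or changelog, since the version string alone does not show backported patches.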