This bug is awaiting verification that the
linux-oracle-6.2/6.2.0-1015.15~22.04.1 kernel in -proposed solves the
problem. Please test the kernel and update this bug with the results.
If the problem is solved, change the tag
'verification-needed-jammy-linux-oracle-6.2' to
'verification-done-jammy-linux-oracle-6.2'. If the problem still exists,
change the tag 'verification-needed-jammy-linux-oracle-6.2' to
'verification-failed-jammy-linux-oracle-6.2'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-oracle-6.2-v2 verification-needed-jammy-linux-oracle-6.2

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.1 in Ubuntu.
https://bugs.launchpad.net/bugs/2035116

Title:
  allow io_uring to be disabled in runtime

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-oem-6.1 package in Ubuntu:
  Invalid
Status in linux source package in Focal:
  Fix Released
Status in linux-oem-6.1 source package in Focal:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-oem-6.1 source package in Jammy:
  Fix Released
Status in linux source package in Lunar:
  Fix Released
Status in linux-oem-6.1 source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-oem-6.1 source package in Mantic:
  Invalid

Bug description:
  [Impact]
  io_uring has been an important attack vector in recent years in local
  privilege escalation attacks. Allowing admins that don't use io_uring to
  disable it in their systems allows them to reduce their attack surface.

  [Test case]
  sysctl -w kernel.io_uring_disabled=1
  then try to use io_uring from an unprivileged user, then try it with
  privileges (CAP_SYS_ADMIN)

  Actually also tried setting kernel.io_uring_disabled=2 and checking that
  neither (privileged or unprivileged) worked.

  Then testing setting it back to 0.

  Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
  that it worked for group 1000, then set it to 1001 and verified that it
  didn't work anymore for group 1000.

  
  [Potential regression]
  Users can be denied from using io_uring.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2035116/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
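
The test case in the bug description can be automated with a small probe; the following is an added example, not code from the bug report or the Ubuntu kernel team. It reads the two sysctls named above, attempts `io_uring_setup`, and compares the result with the described policy. Assumptions: a denied call returns EPERM (the upstream kernel's documented behaviour, not stated in the report), euid 0 stands in for CAP_SYS_ADMIN, and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_io_uring_setup
#define SYS_io_uring_setup 425 /* same number on every Linux architecture */
#endif

/* Policy from the test case: 0 = everyone, 2 = nobody, 1 = CAP_SYS_ADMIN or group. */
int expected_allowed(long disabled, int has_cap, int in_group) {
    return disabled != 2 && (disabled == 0 || has_cap || in_group);
}

/* Read an integer sysctl file; fallback when it is absent (kernel without the fix). */
long read_sysctl(const char *path, long fallback) {
    long v = fallback;
    FILE *f = fopen(path, "r");
    if (f && fscanf(f, "%ld", &v) != 1) v = fallback;
    if (f) fclose(f);
    return v;
}

/* 1 if gid is the caller's effective group or one of its supplementary groups. */
int caller_in_group(long gid) {
    gid_t g[256];
    int n = getgroups(256, g), hit = gid >= 0 && (long)getegid() == gid;
    for (int i = 0; i < n && gid >= 0; i++) hit |= (long)g[i] == gid;
    return hit;
}

/* Ask the kernel for a 1-entry ring; returns 0 on success, otherwise errno. */
int probe_io_uring(void) {
    unsigned long long params[15] = {0}; /* 120 zeroed bytes: struct io_uring_params */
    long fd = syscall(SYS_io_uring_setup, 1u, params);
    if (fd < 0) return errno;
    close((int)fd);
    return 0;
}

int main(void) {
    long dis = read_sysctl("/proc/sys/kernel/io_uring_disabled", 0);
    long grp = read_sysctl("/proc/sys/kernel/io_uring_group", -1);
    /* Assumption: euid 0 stands in for CAP_SYS_ADMIN (no libcap dependency). */
    int want = expected_allowed(dis, geteuid() == 0, caller_in_group(grp));
    int err = probe_io_uring();
    printf("disabled=%ld group=%ld want=%d errno=%d (%s)\n", dis, grp, want, err, strerror(err));
    return (want ? err == 0 : err == EPERM) ? 0 : 1;
}
```

Run it once per sysctl setting and per user; a non-zero exit status means the observed behaviour did not match the policy.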
