QID 355565

an issue was discovered in fs/io_uring.c in the linux kernel through 5.11.8.
It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a sqpoll thread, but concurrently that sqpoll thread is waiting for a signal to start, aka cid-3ebba796fa25. (
( CVE-2021-28951) a flaw was found in unrestricted ebpf usage by the bpf_btf_load, leading to a possible out-of-bounds memory write in the linux kernels bpf subsystem due to the way a user loads btf.
This flaw allows a local user to crash or escalate their privileges on the system. (
( CVE-2022-0500) a flaw was found in the linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
This flaw allows a local user to cause an out-of-bounds write issue. (
( CVE-2022-1015) a flaw was found in the linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free.
This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (
( CVE-2022-1016) when the kvm updates the guests page table entry, it will first use get_user_pages_fast() to pin the page, and when it fails (e.g. the vma->flags has vm_io or vm_pfnmap), it will get corresponding vma where the page lies in through find_vma_intersection(), calculate the physical address, and map the page to the kernel virtual address through memremap(), and finally, write the update. the problem is that when we get the vma through find_vma_intersection(), only vm_pfnmap is checked, not both vm_io and vm_pfnmap.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.