Impact
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
Patches
The fix has been backported to version 5.15.34 of the upstream Linux kernel (5.15 is the upstream long-term kernel version Talos ships with). Talos >= v1.0.3 ships with Linux kernel 5.15.34+, which fixes the above issue.
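To check a node against the versions named above, the following added example (not part of the original advisory or of Talos) classifies a kernel release string as printed by `uname -r`. The function name `kernel_fix_status` and the `unlisted` result for stable branches this advisory does not mention are assumptions of the example.

```shell
#!/bin/sh
# Added example: classify a kernel release against the versions in this advisory.
# Prints one of: fixed | affected | unlisted | unknown
kernel_fix_status() {
    rel=${1%%[-+]*}                 # drop a local suffix such as "-talos"
    IFS=. read -r major minor patch <<EOF
$rel
EOF
    patch=${patch:-0}
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unknown; return 0 ;;   # not a plain x.y.z release
        esac
    done

    if [ "$major" -gt 5 ] ||
       { [ "$major" -eq 5 ] && [ "$minor" -gt 17 ]; } ||
       { [ "$major" -eq 5 ] && [ "$minor" -eq 17 ] && [ "$patch" -ge 3 ]; }; then
        echo fixed                  # 5.17.3 or later
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 15 ]; then
        # 5.15 long-term line: fix backported in 5.15.34
        if [ "$patch" -ge 34 ]; then echo fixed; else echo affected; fi
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 17 ]; then
        echo affected               # 5.17.0 to 5.17.2
    else
        # Older than 5.17.3 on a branch the advisory does not list;
        # backport status has to come from that kernel's vendor.
        echo unlisted
    fi
}

# Classify the argument if given, otherwise the running kernel.
kernel_fix_status "${1:-$(uname -r)}"
```

On a cluster, the kernel release of each node appears in the KERNEL-VERSION column of `kubectl get nodes -o wide` and can be passed to the function as its argument.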
Workarounds
It's recommended to upgrade, but we were unable to reproduce the issue inside a normal Kubernetes workload.
References
For more information