Description
In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: fix signedness in this_len calculation When importing and using buffers, buf->len is considered unsigned. However, buf->len is converted to signed int when committing. This can lead to unexpected behavior if the buffer is large enough to be interpreted as a negative value. Make min_t calculation unsigned.
Product status
ae98dbf43d755b4e111fcd086e53939bef3e9a1a (git) before f4f411c068402c370c4f9a9d4950a97af97bbbb1
ae98dbf43d755b4e111fcd086e53939bef3e9a1a (git) before c64eff368ac676e8540344d27a3de47e0ad90d21
6.12
Any version before 6.12
6.16.5 (semver)
6.17 (original_commit_for_fix)
References
git.kernel.org/...c/f4f411c068402c370c4f9a9d4950a97af97bbbb1
git.kernel.org/...c/c64eff368ac676e8540344d27a3de47e0ad90d21
