CVE-2024-42254

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix error pbuf checking

Syz reports a problem, which boils down to NULL vs ISERR inconsistent error handling in ioallocpbufring().

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:_ioremovebuffers+0xac/0x700 iouring/kbuf.c:341 Call Trace: <TASK> ioputbl iouring/kbuf.c:378 [inline] iodestroybuffers+0x14e/0x490 iouring/kbuf.c:392 ioringctxfree+0xa00/0x1070 iouring/iouring.c:2613 ioringexitwork+0x80f/0x8a0 iouring/iouring.c:2844 processonework kernel/workqueue.c:3231 [inline] processscheduledworks+0xa2c/0x1830 kernel/workqueue.c:3312 workerthread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 retfromfork+0x4b/0x80 arch/x86/kernel/process.c:147 retfromforkasm+0x1a/0x30 arch/x86/entry/entry_64.S:244