| عنوان | Jens Axboe Fio 3.41 / master commit 84787ad Use After Free |
|---|
| الوصف | fio version 3.41 (master commit 84787ad) contains a heap-use-after-free vulnerability in its option parsing logic. During jobfile parsing, the function __parse_jobs_ini() (init.c) allocates an options array (opts) that is later freed. However, the freed array is still passed into fio_options_parse() (options.c), which calls sort_options() to sort the options using qsort().
The qsort() comparator (opt_cmp() in parse.c:1139) dereferences entries from the freed memory, leading to a use-after-free (UAF). |
|---|
| المصدر | ⚠️ https://github.com/axboe/fio/issues/1981 |
|---|
| المستخدم | ahuo (UID 90189) |
|---|
| ارسال | 14/09/2025 10:22 AM (8 أشهر منذ) |
|---|
| الاعتدال | 21/09/2025 06:05 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 325181 [axboe fio حتى 3.41 init.c __parse_jobs_ini تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|