
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-41073 is a vulnerability in the Linux kernel's io_uring subsystem, specifically in the loop_rw_iter function in fs/io_uring.c. It affects Linux kernel versions 5.10 through 5.14.6 and was discovered and reported by Valentina Palmiotti in September 2021. The flaw allows local users to gain elevated privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer (Openwall List).
When a file does not implement the read_iter file operation (procfs files such as /proc/<pid>/maps, for example), loop_rw_iter is called to perform the read/write operations iteratively by hand. The issue occurs when the IORING_OP_PROVIDE_BUFFERS command is used to preselect buffers for I/O operations: req->rw.addr then contains a pointer to a kernel buffer (an io_buffer structure) instead of a userspace buffer. This buffer is later freed in io_put_kbuf after the read/write request completes, giving attackers the ability to free adjacent buffers at a controllable offset (Openwall List).
The vulnerability has a CVSS 3.1 score of 7.8 (High), allowing local users with normal privileges to escalate to higher privileges. Successful exploitation could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).
The vulnerability was patched in the Linux kernel with commit 16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc, which ensures symmetry in handling iter types in loop_rw_iter(). The fix has been backported to affected stable kernel trees. Various Linux distributions have released security updates to address this vulnerability, including Debian (version 5.10.46-5) and Fedora (Kernel Commit, Debian Advisory).
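The following triage script is an added example, not part of the original advisory or of any vendor tooling. It classifies `uname -r` style strings against the upstream range stated above; the function names, result labels and the sample inventory are assumptions made for illustration.

```python
import re

# Upstream range stated on this page: 5.10 through 5.14.6.
AFFECTED_FIRST = (5, 10, 0)
AFFECTED_LAST = (5, 14, 6)

def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(release):
    """Classify one release string against the affected upstream range."""
    version = parse_release(release)
    if version < AFFECTED_FIRST:
        return "older-than-range"
    if version > AFFECTED_LAST:
        return "newer-than-range"
    # In range: stable trees and distributions backported the fix, so the
    # base version alone cannot confirm exposure. Check the installed
    # package version against the vendor advisory.
    return "in-range-verify-backport"

def triage_fleet(inventory):
    """Group hostnames by triage result; unparseable strings get a bucket."""
    groups = {}
    for host, release in sorted(inventory.items()):
        try:
            result = triage(release)
        except ValueError:
            result = "unparseable"
        groups.setdefault(result, []).append(host)
    return groups

# Constructed inventory (hostnames and release strings are sample data).
SAMPLE_INVENTORY = {
    "build-01": "5.4.0-84-generic",
    "db-02": "5.10.0-8-amd64",
    "edge-03": "5.14.6-200.fc34.x86_64",
    "web-04": "5.15.0-91-generic",
    "iot-05": "custom-kernel",
}

if __name__ == "__main__":
    for result, hosts in triage_fleet(SAMPLE_INVENTORY).items():
        print(f"{result}: {', '.join(hosts)}")
```

A release string such as the sample `5.10.0-8-amd64` carries only the base version, which is why an in-range result is reported as needing package-level verification rather than as confirmed exposure.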
Source: This report was generated using AI