i’m not a techy guy, buit i’m suprise by those numbers : “Since its inception, the program has rewarded researchers with a total of 1.8 million USD, and in the past year, there has been a clear trend: 60% of the submissions exploited the io_uring component of the Linux kernel” , maybe it is due to the fact that it is a new tech.
i’m also surprise to see google taking those actions , and 0 linux distros follow those actions, or react to it.
I never heard about io_uring till reading this topic and after reading this I do not feel less secure.
There are quite some bugs found in io_uring very likely because this is a relative new piece of software that replaces older software and bugs are found and solved over time so older software that is used typically has less bugs.
I can see why Google did disable it for their servers, Google risk running many,many computers and being a public company is magnitude higher then mine.
On the page I read:
Android: Our seccomp-bpf filter ensures that io_uring is unreachable to apps.
So the problem is external software calling io_uring doing nasty things. I understand not too many programs do that already (new functionality) and for the rest I trust the software running on my computer not doing that.