Google Limiting IO_uring Use (crhomeos + android) Due To Security Vulnerabilities

So i was wondering, are those vulnerabilities serious ?
should a random user like me or anyone be worried about them?
( Public kCTF VRP / kernelCTF responses - Google Drive)

i’m not a techy guy, buit i’m suprise by those numbers : “Since its inception, the program has rewarded researchers with a total of 1.8 million USD, and in the past year, there has been a clear trend: 60% of the submissions exploited the io_uring component of the Linux kernel” , maybe it is due to the fact that it is a new tech.
i’m also surprise to see google taking those actions , and 0 linux distros follow those actions, or react to it.

nothin to get worry about here ?

I never heard about io_uring till reading this topic and after reading this I do not feel less secure.

There are quite some bugs found in io_uring very likely because this is a relative new piece of software that replaces older software and bugs are found and solved over time so older software that is used typically has less bugs.

I can see why Google did disable it for their servers, Google risk running many,many computers and being a public company is magnitude higher then mine.

On the page I read:

Android: Our seccomp-bpf filter ensures that io_uring is unreachable to apps.

So the problem is external software calling io_uring doing nasty things. I understand not too many programs do that already (new functionality) and for the rest I trust the software running on my computer not doing that.

1 Like