CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2024-22017 是与 setuid 相关的漏洞
node:internal/bootstrap/switches/does_own_process_state:87
const result = method(id);
^
Error: setgid() disabled: io_uring may be enabled. See CVE-2024-22017.
at process.setgid (node:internal/bootstrap/switches/does_own_process_state:87:22)
at Object.setSudoGid (/home/bbaa/.config/yarn/global/node_modules/starting/lib/util.js:19:13)
at Object.<anonymous> (/home/bbaa/.config/yarn/global/node_modules/starting/lib/bootstrap.js:4:6)
at Module._compile (node:internal/modules/cjs/loader:1378:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1437:10)
at Module.load (node:internal/modules/cjs/loader:1212:32)
at Module._load (node:internal/modules/cjs/loader:1028:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:142:12)
at node:internal/main/run_main_module:28:49 {
code: 'ERR_INVALID_STATE'
}
相关 Package: https://github.com/avwo/starting CVE-2024-22017 当前保留未公开 搜索相关 Changelog(https://nodejs.org/en/blog/release/v21.6.2) 指出
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2024-22017 是与 setuid 相关的漏洞