Did you read the CVEs? Half these aren't vulnerabilities. One allows the root user to create a kernel thread and then block its shutdown for several minutes. One is that if you do something that's obviously stupid, you don't get an event notification for it.
replyRemember the Linux kernel's policy of assigning a CVE to every single bug, in protest to the stupid way CVEs were being assigned before that.
> Did you read the CVEs?
replyYou obviously didn't read to the end of my little post, yet feel righteous enough to throw that out…
> One allows the root user to create a kernel thread and then block its shutdown for several minutes.
Which as part of a compromise chain could cause a DoS issue that might be able to bypass common protections like cgroup imposed limits.
If we apply risk/reward analysis, how probable is such a chain of exploits? If you already got local root, you might as well do a little bit more than a simple DoS.
replyDepending on how much performance would be gained by using io_uring in a particular case, and how many layers of protection exist around your server, it might be a risk worth taking.