Linux io_uring: A Blind Spot for Antivirus?

2025-05-04

Security firm ARMO has revealed a vulnerability in Linux's io_uring interface, allowing malware to bypass detection by some antivirus and endpoint protection tools. io_uring enables applications to perform I/O operations without traditional system calls, evading syscall-based monitoring. ARMO's proof-of-concept, Curing, successfully evaded detection by Falco, Tetragon, and Microsoft Defender in default configurations. This vulnerability potentially affects tens of thousands of Linux servers. While vendors acknowledge the issue and work on fixes, Google has already disabled or restricted io_uring in ChromeOS and Android after significant bug bounty payouts related to io_uring flaws.
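One host-side check a defender can run, added here as an example that is not ARMO's Curing or any vendor's code: it lists processes currently holding an io_uring instance (visible as an anon_inode link under /proc/<pid>/fd) and reports the kernel.io_uring_disabled sysctl, which exists on Linux 6.6 and later. It assumes a Linux host and read access to /proc for the processes of interest.

```python
# Added example (not ARMO's or any vendor's code): inventory io_uring use on a
# Linux host from /proc. Assumes Linux; kernel.io_uring_disabled needs 6.6+.
import os
from typing import Dict, List, Tuple

IO_URING_LINK = "anon_inode:[io_uring]"  # readlink target of an io_uring fd
POLICY = {0: "enabled for all processes",
          1: "disabled for unprivileged processes outside io_uring_group",
          2: "disabled for all processes"}

def io_uring_fds(fd_links: Dict[int, str]) -> List[int]:
    return sorted(fd for fd, t in fd_links.items() if t == IO_URING_LINK)

def read_fd_links(pid: int, proc_root: str = "/proc") -> Dict[int, str]:
    """Map each open fd of pid to its readlink target; empty if unreadable."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    links: Dict[int, str] = {}
    try:
        for name in os.listdir(fd_dir):
            try:
                links[int(name)] = os.readlink(os.path.join(fd_dir, name))
            except OSError:  # fd closed between listdir and readlink
                pass
    except OSError:  # no permission, or the process already exited
        pass
    return links

def scan_processes(proc_root: str = "/proc") -> List[Tuple[int, str, List[int]]]:
    """(pid, comm, io_uring fds) for every process holding an instance."""
    hits = []
    for entry in (e for e in os.listdir(proc_root) if e.isdigit()):
        fds = io_uring_fds(read_fd_links(int(entry), proc_root))
        if fds:
            try:
                with open(os.path.join(proc_root, entry, "comm")) as f:
                    comm = f.read().strip()
            except OSError:
                comm = "?"
            hits.append((int(entry), comm, fds))
    return hits

def io_uring_policy(path: str = "/proc/sys/kernel/io_uring_disabled") -> str:
    """Meaning of kernel.io_uring_disabled, or a note that the knob is absent."""
    try:
        with open(path) as f:
            value = int(f.read().strip())
    except OSError:  # knob absent on kernels before 6.6
        return "knob absent (kernel < 6.6): no kernel-level restriction"
    return POLICY.get(value, f"unknown value {value}")
```

This is a complement to syscall-based sensors, not a replacement: a process that created and released its ring before the scan ran will not appear, and a running scan only shows who holds a ring, not what was submitted through it.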
