■■■■□ A proof-of-concept program has been released to demonstrate a so-called monitoring “blind spot” in how some Linux antivirus and other endpoint protection tools use the kernel’s io_uring interface.
That interface allows applications to make IO requests without using traditional system calls. That’s a problem for security tools that rely on syscall monitoring to detect threats.
https://developers.redhat.com/articles/2023/04/12/why-you-should-use-iouring-network-io
https://www.theregister.com/2025/04/29/linux_io_uring_security_flaw/