loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. CREATE(Triage):(User=admin) CVE-2021-41073 (https://nvd.nist.gov/vuln/detail/CVE-2021-41073)