Clarify (future) disabling of io_uring

README.md

@@ -43,7 +43,8 @@ space, user space, core dumps, and swap space.
 
 - Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
 
-- Disable asynchronous I/O (when using Linux kernel version >= 6.6).
+- Provide the option to disable asynchronous I/O as `io_uring` has been the source
+  of numerous kernel exploits (when using Linux kernel version >= 6.6).
 
 - Restrict usage of `ptrace()` to only processes with `CAP_SYS_PTRACE` as it
   enables programs to inspect and modify other active processes. Provide the

usr/lib/sysctl.d/990-security-misc.conf

@@ -117,12 +117,18 @@ kernel.perf_event_paranoid=3
 kernel.randomize_va_space=2
 
 ## Disable asynchronous I/O for all processes.
+## Leading cause of numerous kernel exploits.
+## Disabling will reduce the read/write performance of storage devices.
 ##
+## https://en.wikipedia.org/wiki/Io_uring#Security
+## https://lwn.net/Articles/902466/
 ## https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
+## https://github.com/moby/moby/pull/46762
+## https://forums.whonix.org/t/io-uring-security-vulnerabilties/16890
 ##
 ## Applicable when using Linux kernel >= 6.6 (retained here for future-proofing and completeness).
 ##
-kernel.io_uring_disabled=2
+#kernel.io_uring_disabled=2
 
 ## 2. User Space:
 ##