Comment by Retr0id

It seems a little dubious to brand something "insecure" based on the number of fixed bugs.

Is io_uring a complex and therefore bug-prone API surface? perhaps.

The `curl` project has a similar number of CVEs listed if you search for it, but we generally don't characterise curl as insecure.

If you're not using io_uring then it could make sense to disable it as a hardening measure, but I don't think the existence of now-fixed CVEs is a reason not to use it.