← Back

CVE-2025-21655

nvd nist
Published: Jan 20, 2025Modified: Jun 17, 2026

JSON object

Loading...
4.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 / Impact: 3.6
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period.

Affected (9)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 6.1 to 6.1.125
From 6.2 to 6.6.72
From 6.7 to 6.12.10
Version 6.13 rc1
Version 6.13 rc2
Version 6.13 rc3
Version 6.13 rc4
Version 6.13 rc5
Version 6.13 rc6

References (6)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.