IM
IronMonkey Threat Research

CVE-2025-21655 MEDIUM

Published: 2025-01-20 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period.

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring/eventfd: garantizar que io_eventfd_signal() posponga otro período de RCU io_eventfd_do_signal() se invoca desde una devolución de llamada de RCU, pero al eliminar la referencia a io_ev_fd, llama a io_eventfd_free() directamente si El recuento cae a cero. Esto no es correcto, ya que cualquier posible liberación de io_ev_fd debería posponerse otro período de gracia de RCU. Simplemente llame a io_eventfd_put() en lugar de abrir el código dec-and-test y free, lo que lo diferirá correctamente a otro período de gracia de RCU.

CVSS Metrics

Base Score: 4.7 (MEDIUM)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.0

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-416

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bdd1298c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702b70376e40> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc131a00> Operating System
linux linux_kernel 6.13 <built-in method update of dict object at 0x702c047dd780> Operating System
linux linux_kernel 6.13 <built-in method update of dict object at 0x702bdd128ec0> Operating System
linux linux_kernel 6.13 <built-in method update of dict object at 0x702bcc9b3340> Operating System
linux linux_kernel 6.13 <built-in method update of dict object at 0x702bcc9b0dc0> Operating System
linux linux_kernel 6.13 <built-in method update of dict object at 0x702b70375680> Operating System
linux linux_kernel 6.13 <built-in method update of dict object at 0x702bfc132e80> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*

References

Notification
Message here