5.5
CVE-2025-38002
- EPSS 0.18%
- Veröffentlicht 06.06.2025 13:43:41
- Zuletzt bearbeitet 14.11.2025 16:47:47
- CVE-Watchlists
- Unerledigt
io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing in a ->uring_lock trylock, and just return with no output if we fail to grab it. The existing trylock() will already have greatly diminished utility/output for the failure case. This fixes an issue with reading the SQE fields, if the ring is being actively resized at the same time.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.13 < 6.14.8
Linux ≫ Linux Kernel Version6.15 Updaterc1
Linux ≫ Linux Kernel Version6.15 Updaterc2
Linux ≫ Linux Kernel Version6.15 Updaterc3
Linux ≫ Linux Kernel Version6.15 Updaterc4
Linux ≫ Linux Kernel Version6.15 Updaterc5
Linux ≫ Linux Kernel Version6.15 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.073 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/bdb7d2ec2e31c46c45d1f32667dfa8216a72705e
https://git.kernel.org/stable/c/d871198ee431d90f5308d53998c1ba1d5db5619a
https://project-zero.issues.chromium.org/issues/417522668