8.8
CVE-2025-39698
- EPSS 0.18%
- Veröffentlicht 05.09.2025 17:21:04
- Zuletzt bearbeitet 25.11.2025 21:31:12
- CVE-Watchlists
- Unerledigt
io_uring/futex: ensure io_futex_wait() cleans up properly on failure
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point. Those two should always go together, as the flag tells io_uring whether the field is valid or not. Additionally, on failure cleanup, the futex handler frees the data but does not clear ->async_data. Clear the data and the flag in the error path as well. Thanks to Trend Micro Zero Day Initiative and particularly ReDress for reporting this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.44
Linux ≫ Linux Kernel Version >= 6.13 < 6.16.4
Linux ≫ Linux Kernel Version6.17 Updaterc1
Linux ≫ Linux Kernel Version6.17 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.075 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-672 Operation on a Resource after Expiration or Release
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
https://git.kernel.org/stable/c/d9f93172820a53ab42c4b0e5e65291f4f9d00ad2
https://git.kernel.org/stable/c/d34c04152df517c59979b4bf2a47f491e06d3256
https://git.kernel.org/stable/c/508c1314b342b78591f51c4b5dadee31a88335df
https://www.zerodayinitiative.com/advisories/ZDI-25-915/