CVE-2026-23275

EPSS 0.02%
Veröffentlicht 20.03.2026 08:08:55
Zuletzt bearbeitet 02.04.2026 15:16:29
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

io_uring: ensure ctx->rings is stable for task work flags manipulation

In the Linux kernel, the following vulnerability has been resolved:

io_uring: ensure ctx->rings is stable for task work flags manipulation

If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while
the ring is being resized, it's possible for the OR'ing of
IORING_SQ_TASKRUN to happen in the small window of swapping into the
new rings and the old rings being freed.

Prevent this by adding a 2nd ->rings pointer, ->rings_rcu, which is
protected by RCU. The task work flags manipulation is inside RCU
already, and if the resize ring freeing is done post an RCU synchronize,
then there's no need to add locking to the fast path of task work
additions.

Note: this is only done for DEFER_TASKRUN, as that's the only setup mode
that supports ring resizing. If this ever changes, then they too need to
use the io_ctx_mark_taskrun() helper.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 79cfe9e59c2a12c3b3faeeefe38d23f3d8030972

Version < 7cc4530b3e952d4a5947e1e55d06620d8845d4f5

Status affected

Version 79cfe9e59c2a12c3b3faeeefe38d23f3d8030972

Version < 46dc07d5f31411cc023f3bf1f4a23a07bf6e0ed1

Status affected

Version 79cfe9e59c2a12c3b3faeeefe38d23f3d8030972

Version < 96189080265e6bb5dde3a4afbaf947af493e3f82

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.13

Status affected

Version 0

Version < 6.13

Status unaffected

Version <= 6.18.*

Version 6.18.19

Status unaffected

Version <= 6.19.*

Version 6.19.9

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/7cc4530b3e952d4a5947e1e55d06620d8845d4f5

https://git.kernel.org/stable/c/46dc07d5f31411cc023f3bf1f4a23a07bf6e0ed1

https://git.kernel.org/stable/c/96189080265e6bb5dde3a4afbaf947af493e3f82

https://nvd.nist.gov/vuln/detail/CVE-2026-23275

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23275

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23275

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23275