CVE-2025-23154

MEDIUM EPSS 5.5%
5.5 CVSS 3.1
Medium
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: fix io_req_post_cqe abuse by send bundle

[ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0
[ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0
[ 115.001880][ T5313] Call Trace:
[ 115.002222][ T5313] <TASK>
[ 115.007813][ T5313] io_send+0x4fe/0x10f0
[ 115.009317][ T5313] io_issue_sqe+0x1a6/0x1740
[ 115.012094][ T5313] io_wq_submit_work+0x38b/0xed0
[ 115.013223][ T5313] io_worker_handle_work+0x62a/0x1600
[ 115.013876][ T5313] io_wq_worker+0x34f/0xdf0

As the comment states, io_req_post_cqe() should only be used by multishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are not. Add a flag signifying whether a request wants to post multiple CQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but that's left out for simplicity.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.10 – <6.12.24
linux    linux_kernel   *         ≥6.13 – <6.13.12
linux    linux_kernel   *         ≥6.14 – <6.14.3

References 4

  • git.kernel.org https://git.kernel.org/stable/c/6889ae1b4df1579bcdffef023e2ea9a982565dff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7888c9fc0b2d3636f2e821ed1ad3c6920fa8e378
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aa804e6b9696998308095fb9d335046a71550f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/6889ae1b4df1579bcdffef023e2ea9a982565dff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7888c9fc0b2d3636f2e821ed1ad3c6920fa8e378
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aa804e6b9696998308095fb9d335046a71550f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5
    Patch