CVE-2025-21686 - Linux Kernel io_uring Unprivileged Memory Corruption Vulnerability
CVE ID : CVE-2025-21686 Published : Feb. 10, 2025, 4:15 p.m. | 59 minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: require cloned buffers to share accounting contexts When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring instance A to uring instance B, where A and B use different MMs for accounting, the accounting can go wrong: If uring instance A is closed before uring instance B, the pinned memory counters for uring instance B will be decremented, even though the pinned memory was originally accounted through uring instance A; so the MM of uring instance B can end up with negative locked memory. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21686
Published : Feb. 10, 2025, 4:15 p.m. | 59 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: require cloned buffers to share accounting contexts When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring instance A to uring instance B, where A and B use different MMs for accounting, the accounting can go wrong: If uring instance A is closed before uring instance B, the pinned memory counters for uring instance B will be decremented, even though the pinned memory was originally accounted through uring instance A; so the MM of uring instance B can end up with negative locked memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Feb. 10, 2025, 4:15 p.m. | 59 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: require cloned buffers to share accounting contexts When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring instance A to uring instance B, where A and B use different MMs for accounting, the accounting can go wrong: If uring instance A is closed before uring instance B, the pinned memory counters for uring instance B will be decremented, even though the pinned memory was originally accounted through uring instance A; so the MM of uring instance B can end up with negative locked memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
