Linux Kernel Vulnerability in io_uring Handling by Various Vendors
CVE-2025-21837

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 7 March 2025

Summary

A data corruption vulnerability exists in the Linux kernel's io_uring, specifically in the handling of Submission Queue Entries (SQEs). When preparing SQEs, there is an opportunity for the original SQE data to be accessed, leading to potential exposure of stale data. This situation arises particularly when applications reuse the SQE before the original operation completes. Proper safeguards are necessary to ensure that all SQE-related data remains constant beyond the preparation phase, particularly for the uring_cmd function, which requires special attention to avoid data integrity issues and corruption.

Affected Version(s)

Linux 5eff57fa9f3aae3acbcaf196af507eec58955f3b < 87fe1d68842a308998b315c8ed0163a1d639017c

Linux 5eff57fa9f3aae3acbcaf196af507eec58955f3b

Linux 6.10

Timeline

  • Vulnerability published

  • Vulnerability Reserved
