Linux Kernel Vulnerability Affecting io_uring Functionality
CVE-2025-21863

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

Summary

In the Linux kernel, a significant security vulnerability has been identified concerning the io_uring subsystem. The issue arises from a flaw in the handling of opcode speculations, specifically regarding the integrity of the sqe->opcode field. This vulnerability could potentially allow for unauthorized access or manipulation of data by preventing proper sanitation against speculative execution attacks. Effective patch management is crucial for users employing affected Linux kernel versions to maintain system integrity and security.

Affected Version(s)

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd < 506b9b5e8c2d2a411ea8fe361333f5081c56d23a

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd

References

https://git.kernel.org/stable/c/b9826e3b26ec031e9063f64a7...

https://git.kernel.org/stable/c/506b9b5e8c2d2a411ea8fe361...

https://git.kernel.org/stable/c/fdbfd52bd8b85ed6783365ff5...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024