Linux Kernel Vulnerability Affecting io_uring Functionality
CVE-2025-21863

7.8HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
12 March 2025

What is CVE-2025-21863?

In the Linux kernel, a significant security vulnerability has been identified concerning the io_uring subsystem. The issue arises from a flaw in the handling of opcode speculations, specifically regarding the integrity of the sqe->opcode field. This vulnerability could potentially allow for unauthorized access or manipulation of data by preventing proper sanitation against speculative execution attacks. Effective patch management is crucial for users employing affected Linux kernel versions to maintain system integrity and security.

Affected Version(s)

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd < 87e9eef43c758da267f6332678058a79764c7eba

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd < 18eae8420081ef8e043ad455937bfb470ef08607

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.