Linux Kernel Vulnerability Affecting io_uring Functionality
CVE-2025-21863

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 12 March 2025

Summary

A significant security vulnerability has been identified in the io_uring subsystem of the Linux kernel. The flaw lies in the handling of opcode speculation, specifically the integrity of the sqe->opcode field: the value is not properly sanitized against speculative execution attacks, which could potentially allow unauthorized access to or manipulation of data. Users running affected Linux kernel versions should apply the patched kernel to maintain system integrity and security.

Affected Version(s)

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd < 506b9b5e8c2d2a411ea8fe361333f5081c56d23a

Linux d3656344fea0339fb0365c8df4d2beba4e0089cd

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved