Linux Kernel Vulnerability in io_uring and futex Handling
CVE-2025-39698

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
5 September 2025

What is CVE-2025-39698?

A vulnerability exists in the Linux kernel's io_uring and futex handling: io_futex_data is assigned to the async_data field without setting the necessary flag, REQ_F_ASYNC_DATA. This discrepancy can lead to improper data management and error handling. On failure, the futex handler frees the data but does not clear the async_data flag, which may result in inconsistencies or potential data misuse. Updates and patches address this issue by ensuring that the async_data field and its associated flag are cleared together.
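The pointer-and-flag invariant described above, as an added user-space model (not kernel code and not from the original advisory). Only the names REQ_F_ASYNC_DATA, async_data and io_futex_data come from the page; `struct req`, `struct obj`, the pool allocator, `prep_buggy`, `prep_fixed` and `audit` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#define REQ_F_ASYNC_DATA (1u << 0) /* flag name from the advisory; bit value is constructed */
struct obj { int live; };                               /* stand-in for io_futex_data */
struct req { unsigned flags; struct obj *async_data; }; /* hypothetical request model */

/* Toy allocator (assumption): released objects stay inspectable, unlike free(). */
static struct obj pool[4];
static struct obj *obj_alloc(void) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}
static void obj_free(struct obj *o) { o->live = 0; }

/* Pattern described in the advisory: the pointer is assigned without the flag,
 * and the failure path releases the object but leaves the pointer in place. */
static int prep_buggy(struct req *r, int fail) {
    r->async_data = obj_alloc();
    if (!r->async_data) return -1;
    if (fail) { obj_free(r->async_data); return -1; }
    return 0;
}

/* Corrected pattern: pointer and flag are set together and cleared together. */
static int prep_fixed(struct req *r, int fail) {
    r->async_data = obj_alloc();
    if (!r->async_data) return -1;
    r->flags |= REQ_F_ASYNC_DATA;
    if (fail) {
        obj_free(r->async_data);
        r->async_data = NULL;
        r->flags &= ~REQ_F_ASYNC_DATA;
        return -1;
    }
    return 0;
}

/* Audit: 0 = consistent, 1 = flag/pointer mismatch, 2 = pointer to a released object. */
static int audit(const struct req *r) {
    int flagged = (r->flags & REQ_F_ASYNC_DATA) != 0;
    if (r->async_data && !r->async_data->live) return 2;
    return flagged != (r->async_data != NULL);
}
int main(void) {
    struct req a = {0, NULL}, b = {0, NULL};
    prep_buggy(&a, 1);
    prep_fixed(&b, 1);
    printf("failure path: buggy audit=%d, fixed audit=%d\n", audit(&a), audit(&b));
    return 0;
}
```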

Affected Version(s)

Linux 194bb58c6090e39bd7d9b9c888a079213628e1f6

Linux 194bb58c6090e39bd7d9b9c888a079213628e1f6 < 508c1314b342b78591f51c4b5dadee31a88335df

Timeline

  • Vulnerability published

  • Vulnerability Reserved
