Incorrect io_kiocb Reference in Linux Kernel Affects Multiple Releases
CVE-2025-39963

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 9 October 2025

What is CVE-2025-39963?

A vulnerability in the Linux kernel's io_uring subsystem arises from an incorrect reference assignment in the io_link_skb function. Specifically, 'prev_notif' is assigned using 'nd' instead of the proper 'prev_nd' before the context validation checks. As a result, the checks cannot correctly compare the current notification against the previous one, which can lead to unexpected behavior in notification handling. The issue has been addressed by using the correct 'prev_nd' when obtaining 'prev_notif', so that the validation in notification processing works as intended.

Affected Version(s)

Linux 6fe4220912d19152a26ce19713ab232f4263018d

Linux 6fe4220912d19152a26ce19713ab232f4263018d < 50a98ce1ea694f1ff8e87bc2f8f84096d1736f6a

Linux 6fe4220912d19152a26ce19713ab232f4263018d < 2c139a47eff8de24e3350dadb4c9d5e3426db826

Timeline

  • Vulnerability published

  • Vulnerability Reserved
