CVE-2025-23154
Published: May 1, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: fix io_req_post_cqe abuse by send bundle

    [ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0
    [ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0
    [ 115.001880][ T5313] Call Trace:
    [ 115.002222][ T5313] <TASK>
    [ 115.007813][ T5313] io_send+0x4fe/0x10f0
    [ 115.009317][ T5313] io_issue_sqe+0x1a6/0x1740
    [ 115.012094][ T5313] io_wq_submit_work+0x38b/0xed0
    [ 115.013223][ T5313] io_worker_handle_work+0x62a/0x1600
    [ 115.013876][ T5313] io_wq_worker+0x34f/0xdf0

As the comment states, io_req_post_cqe() should only be used by multishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are not. Add a flag signifying whether a request wants to post multiple CQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but that's left out for simplicity.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected a05d1f625c7aa681d8816bc0f10089289ad07aad - < b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5 |
| Linux | Linux | affected a05d1f625c7aa681d8816bc0f10089289ad07aad - < 7888c9fc0b2d3636f2e821ed1ad3c6920fa8e378 |
| Linux | Linux | affected a05d1f625c7aa681d8816bc0f10089289ad07aad - < 9aa804e6b9696998308095fb9d335046a71550f1 |
| Linux | Linux | affected a05d1f625c7aa681d8816bc0f10089289ad07aad - < 6889ae1b4df1579bcdffef023e2ea9a982565dff |
| Linux | Linux | affected 6.10 |
| Linux | Linux | unaffected 0 - < 6.10 |
| Linux | Linux | unaffected 6.12.24 - <= 6.12.* |
| Linux | Linux | unaffected 6.13.12 - <= 6.13.* |
| Linux | Linux | unaffected 6.14.3 - <= 6.14.* |
| Linux | Linux | +1 more versions |