CVE-2025-21836

Опубликовано: 07 мар. 2025

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

io_uring/kbuf: reallocate buf lists on upgrade

IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.19 (включая) до 6.6.79 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.16 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.13.4 (исключая)

cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00029

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2025-21836

CVSS3: 5.5

ubuntu

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead.

CVE-2025-21836

CVSS3: 6.1

redhat

8 месяцев назад

CVE-2025-21836

CVSS3: 5.5

debian

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

GHSA-wh23-v966-32jj

CVSS3: 5.5

github

8 месяцев назад

SUSE-SU-2025:01707-1

suse-cvrf

5 месяцев назад

Security update for the Linux Kernel

EPSS

Процентиль: 7%

0.00029

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo