### [CVE-2025-21655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=21a091b970cdbcf3e8ff829234b51be6f9192766%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period

io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period.

Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/oogasawa/Utility-security
- https://github.com/w4zu/Debian_security