mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.2 KiB
1.2 KiB
CVE-2025-21655
Description
In the Linux kernel, the following vulnerability has been resolved:io_uring/eventfd: ensure io_eventfd_signal() defers another RCU periodio_eventfd_do_signal() is invoked from an RCU callback, but whendropping the reference to the io_ev_fd, it calls io_eventfd_free()directly if the refcount drops to zero. This isn't correct, as anypotential freeing of the io_ev_fd should be deferred another RCU graceperiod.Just call io_eventfd_put() rather than open-code the dec-and-test andfree, which will correctly defer it another RCU grace period.
POC
Reference
No PoCs from references.