mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.3 KiB
1.3 KiB
CVE-2025-39698
Description
In the Linux kernel, the following vulnerability has been resolved:io_uring/futex: ensure io_futex_wait() cleans up properly on failureThe io_futex_data is allocated upfront and assigned to the io_kiocbasync_data field, but the request isn't marked with REQ_F_ASYNC_DATAat that point. Those two should always go together, as the flag tellsio_uring whether the field is valid or not.Additionally, on failure cleanup, the futex handler frees the data butdoes not clear ->async_data. Clear the data and the flag in the errorpath as well.Thanks to Trend Micro Zero Day Initiative and particularly ReDress forreporting this.
POC
Reference
No PoCs from references.