CVE-2025-21686

10.02.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rsrc: require cloned buffers to share accounting contexts

When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring
instance A to uring instance B, where A and B use different MMs for
accounting, the accounting can go wrong:
If uring instance A is closed before uring instance B, the pinned memory
counters for uring instance B will be decremented, even though the pinned
memory was originally accounted through uring instance A; so the MM of
uring instance B can end up with negative locked memory.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.129-1 not-affected
bullseye (security)	5.10.234-1 fixed
bookworm (security)	6.1.128-1 fixed
trixie	6.12.20-1 fixed
sid	6.12.21-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und um seine Privilegien zu eskalieren.
Published: 2025-02-10T23:00:00+00:00

References

https://git.kernel.org/stable/c/19d340a2988d4f3e673cded9dde405d727d7e248

https://git.kernel.org/stable/c/cafc60ae35f82ebf156b3245f979ca61cbb8e42c

https://git.kernel.org/stable/c/efd96fbe23fa87de39116f632401f67b93be21ab