In the Linux kernel, the following vulnerability has been resolved:
io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()
Not everything requires locking in there, which is why the 'has_lock'
variable exists. But enough does that it's a bit unwieldy to manage.
Wrap the whole thing in a ->uring_lock trylock, and just return
with no output if we fail to grab it. The existing trylock() will
already have greatly diminished utility/output for the failure case.
This fixes an issue with reading the SQE fields, if the ring is being
actively resized at the same time.
CVSS
No CVSS.
References
Configurations
No configuration.
History
09 Jun 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-06 14:15
Updated : 2025-06-09 12:15
NVD link : CVE-2025-38002
Mitre link : CVE-2025-38002
CVE.ORG link : CVE-2025-38002
JSON object : View
Products Affected
No product.
CWE
No CWE.