Linux Kernel io_uring Multishot Accept Request Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's io_uring implementation has been addressed, concerning leaks of multishot accept requests. When the REQ_F_POLLED flag is set, it does not ensure that the request is processed as multishot in the polling path. This discrepancy can lead to unintentional request leaks, as the system may incorrectly assume a multishot issue and request to skip completion, causing the request to be lost. The vulnerability has been fixed by using issue_flags to properly mark multipoll-related concerns.

Impact

The vulnerability could lead to a leak of accept requests, causing them to be lost and not properly completed, which could disrupt normal operations that rely on these requests being processed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel io_uring Multishot Accept Request Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating