Linux Kernel io_uring Wait Queue Pruning Vulnerability

Vulnerability

A vulnerability in the Linux kernel's io_uring implementation has been addressed. The issue was in the wait queue management of the 'io_waitid_wait' function: when a cancellation was in progress, the function skipped removing the wait queue entry, which could race with another invocation of the callback. This vulnerability affects the Linux kernel stable tree.
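The ordering problem described above, as an added example that is not kernel code and not part of the original advisory: a sequential user-space model in which two wakeups arrive while a cancellation holds a reference. All names (`wq_entry`, `model_wait_cb`, `wake_twice_during_cancel`) are hypothetical, and `prune_always` switches between the old and the fixed ordering.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct wq_entry {
    struct wq_entry *next;
    int refs;           /* nonzero: a cancellation already owns the request */
    int callback_runs;  /* times the wake callback was invoked on this entry */
};
struct wait_queue { struct wq_entry *head; };

static void wq_add(struct wait_queue *q, struct wq_entry *e) {
    e->next = q->head;
    q->head = e;
}

static void wq_del(struct wait_queue *q, struct wq_entry *e) {
    for (struct wq_entry **pp = &q->head; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; e->next = NULL; return; }
}

/* Wake callback. prune_always=false models the old ordering (skip the unlink). */
static void model_wait_cb(struct wait_queue *q, struct wq_entry *e, bool prune_always) {
    e->callback_runs++;
    if (prune_always)
        wq_del(q, e);   /* fixed ordering: unlink before anything else */
    if (e->refs++ != 0)
        return;         /* cancel in progress: it will complete the request */
    if (!prune_always)
        wq_del(q, e);   /* old ordering: only reached when no cancel is running */
}

/* Deliver one wakeup to every entry still linked on the queue. */
static void wq_wake_all(struct wait_queue *q, bool prune_always) {
    for (struct wq_entry *e = q->head, *next; e; e = next) {
        next = e->next;
        model_wait_cb(q, e, prune_always);
    }
}

/* Returns the callback count; *still_queued reports if the entry stayed linked. */
int wake_twice_during_cancel(bool prune_always, bool *still_queued) {
    struct wait_queue q = { NULL };
    struct wq_entry e = { NULL, 1, 0 };  /* refs=1: cancellation in progress */
    wq_add(&q, &e);
    wq_wake_all(&q, prune_always);
    wq_wake_all(&q, prune_always);
    *still_queued = (q.head == &e);
    return e.callback_runs;
}
```

With the old ordering the entry stays linked and the callback is reached a second time; with the unlink done first, the second wakeup finds an empty queue.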

Impact

The vulnerability could lead to a race condition in which the wait queue entry is improperly handled, potentially causing unexpected behavior in applications using io_uring.

Reproduction

The vulnerability can be reproduced by invoking the 'IORING_OP_WAITID' operation in io_uring while a cancellation is in progress. This will create a race condition where the wait queue entry is not properly pruned, allowing for potential inconsistencies in the wait queue management.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.

Added: Oct 28, 2025, 1:03 PM
Updated: Oct 28, 2025, 1:03 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.