CVE-2025-21686 Information

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rsrc: require cloned buffers to share accounting contexts

When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring instance A to uring instance B, where A and B use different MMs for accounting, the accounting can go wrong: if uring instance A is closed before uring instance B, the pinned memory counters for uring instance B will be decremented even though the pinned memory was originally accounted through uring instance A, so the MM of uring instance B can end up with negative locked memory.
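The close-order problem described above, as an added user-space model in C (not kernel code and not taken from the fix commits). All type and function names are hypothetical, and the refcounted "last holder uncharges its own MM" behaviour is a simplifying assumption; the `strict` flag models the rule named in the commit title, that cloned buffers must share accounting contexts.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy user-space model; every name here is hypothetical, not a kernel identifier. */
struct mm   { long pinned_pages; };              /* per-MM pinned/locked counter  */
struct buf  { int refs; long pages; };           /* refcounted registered buffer  */
struct ring { struct mm *acct; struct buf *b; }; /* uring instance + accounting MM */

/* Register: pin the buffer and charge the registering ring's MM. */
static void ring_register(struct ring *r, struct buf *b, long pages)
{
    *b = (struct buf){ .refs = 1, .pages = pages };
    r->acct->pinned_pages += pages;
    r->b = b;
}

/* Clone: share without charging again; 'strict' rejects mismatched accounting MMs. */
static int ring_clone(struct ring *dst, struct ring *src, bool strict)
{
    if (strict && dst->acct != src->acct)
        return -1;
    src->b->refs++;
    dst->b = src->b;
    return 0;
}

/* Close: drop the reference; the last holder uncharges its *own* MM. */
static void ring_close(struct ring *r)
{
    if (r->b && --r->b->refs == 0)
        r->acct->pinned_pages -= r->b->pages;
    r->b = NULL;
}

/* Register on A, clone to B, close A then B; return the counter of B's MM. */
long simulate(bool strict, bool shared_mm)
{
    struct mm mm_a = {0}, mm_b = {0};
    struct buf b = {0};
    struct ring A = { &mm_a, NULL }, B = { shared_mm ? &mm_a : &mm_b, NULL };
    ring_register(&A, &b, 16);
    ring_clone(&B, &A, strict);      /* rejected when strict and the MMs differ */
    ring_close(&A); ring_close(&B);  /* A is closed before B */
    return B.acct->pinned_pages;
}

int main(void)
{
    printf("different MMs: unchecked B=%ld, checked B=%ld\n", simulate(false, false), simulate(true, false));
    return 0;
}
```

In the unchecked run, B's MM ends below zero while A's MM is never uncharged; with the check, the clone is refused and both counters return to zero.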

Reference

https://git.kernel.org/stable/c/19d340a2988d4f3e673cded9dde405d727d7e248
https://git.kernel.org/stable/c/cafc60ae35f82ebf156b3245f979ca61cbb8e42c
https://git.kernel.org/stable/c/efd96fbe23fa87de39116f632401f67b93be21ab
