CVE - CVE-2025-21836

CVE-ID
CVE-2025-21836	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/146a185f6c05ee263db715f860620606303c4633 URL:https://git.kernel.org/stable/c/146a185f6c05ee263db715f860620606303c4633 MISC:https://git.kernel.org/stable/c/2a5febbef40ce968e295a7aeaa5d5cbd9e3e5ad4 URL:https://git.kernel.org/stable/c/2a5febbef40ce968e295a7aeaa5d5cbd9e3e5ad4 MISC:https://git.kernel.org/stable/c/7d0dc28dae836caf7645fef62a10befc624dd17b URL:https://git.kernel.org/stable/c/7d0dc28dae836caf7645fef62a10befc624dd17b MISC:https://git.kernel.org/stable/c/8802766324e1f5d414a81ac43365c20142e85603 URL:https://git.kernel.org/stable/c/8802766324e1f5d414a81ac43365c20142e85603
Assigning CNA
kernel.org
Date Record Created
20241229	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241229)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)