CVE-2025-37804

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: always do atomic put from iowq io_uring always switches requests to atomic refcounting for iowq execution before there is any parallilism by setting REQ_F_REFCOUNT, and the flag is not cleared until the request completes. That should be fine as long as the compiler doesn't make up a non existing value for the flags, however KCSAN still complains when the request owner changes oter flag bits: BUG: KCSAN: data-race in io_req_task_cancel / io_wq_free_work ... read to 0xffff888117207448 of 8 bytes by task 3871 on cpu 0: req_ref_put_and_test io_uring/refs.h:22 [inline] Skip REQ_F_REFCOUNT checks for iowq, we know it's set.

Reserved 2025-04-16 | Published 2025-05-08 | Updated 2025-05-12 | Assigner Linux

Product status

Default status
unaffected

2b188cc1bb857a9d4701ae59aa7768b5124e262e before c5d4d103005d8926cdad344f9fc947e651c9f2f7
affected

2b188cc1bb857a9d4701ae59aa7768b5124e262e before 3568fd9e440ea393c7d8bee253419ea11fd8e9d9
affected

2b188cc1bb857a9d4701ae59aa7768b5124e262e before 6d2753b46452a557a12f7ef1ef4ee6641b4e89d8
affected

2b188cc1bb857a9d4701ae59aa7768b5124e262e before 390513642ee6763c7ada07f0a1470474986e6c1c
affected

Default status
affected

5.1
affected

Any version before 5.1
unaffected

6.6.89
unaffected

6.12.26
unaffected

6.14.5
unaffected

6.15-rc1
unaffected

References

git.kernel.org/...c/c5d4d103005d8926cdad344f9fc947e651c9f2f7

git.kernel.org/...c/3568fd9e440ea393c7d8bee253419ea11fd8e9d9

git.kernel.org/...c/6d2753b46452a557a12f7ef1ef4ee6641b4e89d8

git.kernel.org/...c/390513642ee6763c7ada07f0a1470474986e6c1c

cve.org (CVE-2025-37804)

nvd.nist.gov (CVE-2025-37804)

Download JSON