AZL-75147

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75147.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-75147

Upstream

CVE-2025-71149

Published

2026-01-23T15:16:05Z

Modified

2026-04-01T05:22:25.356463Z

Summary

CVE-2025-71149 affecting package kernel for versions less than 6.6.121.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

iouring/poll: correctly handle iopoll_add() return value on update

When the core of iouring was updated to handle completions consistently and with fixed return codes, the POLLREMOVE opcode with updates got slightly broken. If a POLLADD is pending and then POLLREMOVE is used to update the events of that request, if that update causes the POLL_ADD to now trigger, then that completion is lost and a CQE is never posted.

Additionally, ensure that if an update does cause an existing POLLADD to complete, that the completion value isn't always overwritten with -ECANCELED. For that case, whatever iopoll_add() set the value to should just be retained.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-71149

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.121.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75147.json"