CVE-2025-39698
- Source
- https://cve.org/CVERecord?id=CVE-2025-39698
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39698.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39698
- Downstream
- Related
- Published
- 2025-09-05T17:21:04.360Z
- Modified
- 2026-05-15T11:53:46.902412283Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- io_uring/futex: ensure io_futex_wait() cleans up properly on failure
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iouring/futex: ensure iofutex_wait() cleans up properly on failure
The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should always go together, as the flag tells iouring whether the field is valid or not.
Additionally, on failure cleanup, the futex handler frees the data but does not clear ->async_data. Clear the data and the flag in the error path as well.
Thanks to Trend Micro Zero Day Initiative and particularly ReDress for reporting this.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39698.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/508c1314b342b78591f51c4b5dadee31a88335df
- https://git.kernel.org/stable/c/d34c04152df517c59979b4bf2a47f491e06d3256
- https://git.kernel.org/stable/c/d9f93172820a53ab42c4b0e5e65291f4f9d00ad2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39698.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39698
- https://www.zerodayinitiative.com/advisories/ZDI-25-915/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git