DEBIAN-CVE-2025-21836

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-21836

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-21836.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-21836

Upstream

CVE-2025-21836

Published

2025-03-07T09:15:16Z

Modified

2025-09-19T06:18:34Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: reallocate buf lists on upgrade IORINGREGISTERPBUFRING can reuse an old struct iobufferlist if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead.

References

https://security-tracker.debian.org/tracker/CVE-2025-21836

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}