摘要:
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: require cloned buffers to share accounting contexts
When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring
instance A to uring instance B, where A and B use different MMs for
accounting, the accounting can go wrong:
If uring instance A is closed before uring instance B, the pinned memory
counters for uring instance B will be decremented, even though the pinned
memory was originally accounted through uring instance A; so the MM of
uring instance B can end up with negative locked memory.
安全等级: Low
公告ID: KylinSec-SA-2025-1101
发布日期: 2025年2月16日
关联CVE: CVE-2025-21686
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: require cloned buffers to share accounting contexts
When IORING_REGISTER_CLONE_BUFFERS is used to clone buffers from uring
instance A to uring instance B, where A and B use different MMs for
accounting, the accounting can go wrong:
If uring instance A is closed before uring instance B, the pinned memory
counters for uring instance B will be decremented, even though the pinned
memory was originally accounted through uring instance A; so the MM of
uring instance B can end up with negative locked memory.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-21686 | KY3.4-5 | kernel | Unaffected |
| CVE-2025-21686 | V6 | kernel | Unaffected |
