CVE-2025-71149

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 23/01/2026
Last modified: 26/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: correctly handle io_poll_add() return value on update

When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. If a POLL_ADD is pending and then POLL_REMOVE is used to update the events of that request, if that update causes the POLL_ADD to now trigger, then that completion is lost and a CQE is never posted.

Additionally, ensure that if an update does cause an existing POLL_ADD to complete, that the completion value isn't always overwritten with -ECANCELED. For that case, whatever io_poll_add() set the value to should just be retained.

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.0 (including)   6.1.160 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)   6.6.120 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)   6.12.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.13 (including)  6.18.3 (excluding)
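An added example, not part of the original record: a fleet-triage check that tests `uname -r` style release strings against the four version ranges listed above. The function names and the sample release strings are assumptions constructed for illustration.

```python
import re

# (first affected, first fixed) pairs copied from the table above.
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 1, 160)),
    ((6, 2, 0), (6, 6, 120)),
    ((6, 7, 0), (6, 12, 64)),
    ((6, 13, 0), (6, 18, 3)),
]

# Leading "major.minor[.patch]"; distro suffixes such as "-generic" are ignored.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Turn a release string such as '6.6.119-generic' into (6, 6, 119)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    # A missing patch level ("6.0") is treated as patch 0.
    return (int(major), int(minor), int(patch or 0))


def is_in_affected_range(release):
    """True when the upstream version number falls in a listed range.

    Version numbers alone are not conclusive: distribution kernels often
    backport fixes without changing the upstream version, so a True result
    means "check the vendor advisory", not "confirmed vulnerable".
    Pre-release suffixes (-rc1) are ignored, which errs on the side of flagging.
    """
    version = parse_release(release)
    return any(start <= version < fixed for start, fixed in AFFECTED_RANGES)


def triage(releases):
    """Map each release string to its in-range verdict."""
    return {r: is_in_affected_range(r) for r in releases}


if __name__ == "__main__":
    import platform
    # Constructed sample inventory plus the local kernel.
    sample = ["5.15.0-91-generic", "6.1.159", "6.6.120", "6.12.63-amd64"]
    for rel, hit in triage(sample + [platform.release()]).items():
        print(f"{rel:28} {'in affected range' if hit else 'outside listed ranges'}")
```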