CVE-2025-71149

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> io_uring/poll: correctly handle io_poll_add() return value on update<br /> <br /> When the core of io_uring was updated to handle completions<br /> consistently and with fixed return codes, the POLL_REMOVE opcode<br /> with updates got slightly broken. If a POLL_ADD is pending and<br /> then POLL_REMOVE is used to update the events of that request, if that<br /> update causes the POLL_ADD to now trigger, then that completion is lost<br /> and a CQE is never posted.<br /> <br /> Additionally, ensure that if an update does cause an existing POLL_ADD<br /> to complete, that the completion value isn&amp;#39;t always overwritten with<br /> -ECANCELED. For that case, whatever io_poll_add() set the value to<br /> should just be retained.