CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21863: io_uring: prevent opcode speculation

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring: prevent opcode speculation

sqe->opcode is used for different tables, make sure we santitise it
against speculations.

Classification

CVE ID: CVE-2025-21863

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.2% (scored less or equal to compared to others)

EPSS Date: 2025-04-10 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21863
https://git.kernel.org/stable/c/b9826e3b26ec031e9063f64a7c735449c43955e4
https://git.kernel.org/stable/c/506b9b5e8c2d2a411ea8fe361333f5081c56d23a
https://git.kernel.org/stable/c/fdbfd52bd8b85ed6783365ff54c82ab7067bd61b
https://git.kernel.org/stable/c/1e988c3fe1264708f4f92109203ac5b1d65de50b

Timeline