#VU105676 Input validation error in Linux kernel - CVE-2025-21863

Cybersecurity Help s.r.o.

Published: 2025-03-12

Vulnerability identifier: #VU105676

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21863

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/1e988c3fe1264708f4f92109203ac5b1d65de50b
https://git.kernel.org/stable/c/506b9b5e8c2d2a411ea8fe361333f5081c56d23a
https://git.kernel.org/stable/c/b9826e3b26ec031e9063f64a7c735449c43955e4
https://git.kernel.org/stable/c/fdbfd52bd8b85ed6783365ff54c82ab7067bd61b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS update for kernel

openEuler 24.03 LTS SP1 update for kernel

Input validation error in Linux kernel io_uring