THREATOPS
THREAT OPSThreat News › [NVD] CVE-2025-21655 (MEDIUM 4.7) — In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl

[NVD] CVE-2025-21655 (MEDIUM 4.7) — In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl

lownvdPublished 2025-01-20

CVE-2025-21655 CVSS: 4.7 MEDIUM Published: 2025-01-20T14:15:27.027

In the Linux kernel, the following vulnerability has been resolved:

io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period

io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct,

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21655