THREAT OPS › Threat News › [NVD] CVE-2025-21655 (MEDIUM 4.7) — In the Linux kernel, the following vulnerability has been resolved:
io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
io_eventfd_do_signal() is invoked from an RCU callback, but when
dropping the reference to the io_ev_fd, it calls io_eventfd_free()
directl
[NVD] CVE-2025-21655 (MEDIUM 4.7) — In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl
CVE-2025-21655 CVSS: 4.7 MEDIUM Published: 2025-01-20T14:15:27.027
In the Linux kernel, the following vulnerability has been resolved:
io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct,
Indicators of compromise
- CVE-2025-21655cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21655