APPLIED: [SRU][N][PATCH 0/1] CVE-2025-39698
Mehmet Basaran
mehmet.basaran at canonical.com
Sat Dec 13 10:10:50 UTC 2025
Applied to noble:linux master-next branch. Thanks.
-------------- next part --------------
Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com> writes:
> https://ubuntu.com/security/CVE-2025-39698
>
> [ Impact ]
>
> io_uring/futex: ensure io_futex_wait() cleans up properly on failure
>
> The io_futex_data is allocated upfront and assigned to the io_kiocb
> async_data field, but the request isn't marked with REQ_F_ASYNC_DATA
> at that point. Those two should always go together, as the flag tells
> io_uring whether the field is valid or not.
>
> Additionally, on failure cleanup, the futex handler frees the data but
> does not clear ->async_data. Clear the data and the flag in the error
> path as well.
>
> [ Fix ]
>
> Backport the fix commit from upstream:
> * 508c1314b342b io_uring/futex: ensure io_futex_wait() cleans up properly on failure
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Regression Potential ]
>
> A regression here is unlikely due to the very limited scope
> of the patch.
>
> [ Other Info ]
>
> Plucky not fixed because it's EOL.
>
> Jens Axboe (1):
> io_uring/futex: ensure io_futex_wait() cleans up properly on failure
>
> io_uring/futex.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> --
> 2.51.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251213/015fe973/attachment.sig>
More information about the kernel-team
mailing list