CVE-2025-37906

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

ublk_cancel_cmd() calls io_uring_cmd_done() to complete the uring_cmd, but task work may already have been scheduled via io_uring_cmd_complete_in_task() to dispatch the request, and a kernel crash can then be triggered. Fix it by not trying to cancel the command if the ublk block request has already been started.

Configurations

Configuration 1

Match any of (OR):
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*

History

17 Nov 2025, 18:10

Type: First Time
  Values added: Linux; Linux linux Kernel

Type: References
  Values removed: https://git.kernel.org/stable/c/f40139fde5278d81af3227444fd6e76a76b9506d (no tag)
  Values added: https://git.kernel.org/stable/c/f40139fde5278d81af3227444fd6e76a76b9506d - Patch

Type: References
  Values removed: https://git.kernel.org/stable/c/fb2eb9ddf556f93fef45201e1f9d2b8674bcc975 (no tag)
  Values added: https://git.kernel.org/stable/c/fb2eb9ddf556f93fef45201e1f9d2b8674bcc975 - Patch

Type: Summary
  Values added:
  • (es) In the Linux kernel, the following vulnerability has been resolved: ublk: fix the race between io_uring_cmd_complete_in_task and ublk_cancel_cmd. ublk_cancel_cmd() calls io_uring_cmd_done() to complete the uring_cmd, but we may have scheduled task work via io_uring_cmd_complete_in_task() to dispatch the request, which can cause a kernel crash. To fix it, do not try to cancel the command if the ublk block request has started.

Type: CVSS
  Values removed: v2 : unknown; v3 : unknown
  Values added: v2 : unknown; v3 : 4.7

Type: CWE
  Values added: CWE-362

Type: CPE
  Values added:
  • cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

20 May 2025, 16:15

Type: New CVE

Information

Published : 2025-05-20 16:15

Updated : 2025-11-17 18:10

Products Affected

linux

  • linux_kernel
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')