CVE-2025-21836Use After Free in Linux

CWE-416Use After Free25 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 7
Latest updateNov 21

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.196.6.79+3
Debianlinux/linux_kernel< 6.12.16-1+1
Ubuntulinux/linux_kernel< 6.8.0-78.78
CVEListV5linux/linux2fcabce2d7d34f69a888146dab15b36a917f09d4146a185f6c05ee263db715f860620606303c4633+4
debiandebian/linux< linux 6.12.16-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

11
OSV
linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities2025-09-03
OSV
linux-gke, linux-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi vulnerabilities2025-08-28
OSV
linux-raspi-realtime vulnerabilities2025-08-26
OSV
linux-oracle, linux-oracle-6.8 vulnerabilities2025-08-21
OSV
linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gkeop, linux-ibm, linux-ibm-6.8 vulnerabilities2025-08-20

📋Vendor Advisories

13
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-132232025-11-21
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-218362025-10-10
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-03
Ubuntu
Linux kernel vulnerabilities2025-08-28
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-08-26