CVE-2025-71149 — Return of Wrong Status Code in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 23
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: correctly handle io_poll_add() return value on update
When the core of io_uring was updated to handle completions
consistently and with fixed return codes, the POLL_REMOVE opcode
with updates got slightly broken. If a POLL_ADD is pending and
then POLL_REMOVE is used to update the events of that request, if that
update causes the POLL_ADD to now trigger, then that completion is lost
and a CQE is never posted.
Ad…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages15 packages
▶CVEListV5linux/linux97b388d70b53fd7d286ac1b81e5a88bd6af98209 — 8b777ab48441b153502772ecfc78c107d4353f29+5
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-4g6c-c5fr-62mx: In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: correctly handle io_poll_add() return value on update
When the co↗2026-01-23
OSV▶
CVE-2025-71149: In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core↗2026-01-23