2402718 – (CVE-2025-39963) CVE-2025-39963 kernel: io_uring: fix incorrect io_kiocb reference in io_link_skb

Bug 2402718 (CVE-2025-39963) - CVE-2025-39963 kernel: io_uring: fix incorrect io_kiocb reference in io_link_skb

Summary: CVE-2025-39963 kernel: io_uring: fix incorrect io_kiocb reference in io_link_skb

Keywords:
Status:	NEW
Alias:	CVE-2025-39963
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-09 13:01 UTC by OSIDB Bzimport
Modified:	2026-03-25 15:51 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-09 13:01:41 UTC

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix incorrect io_kiocb reference in io_link_skb

In io_link_skb function, there is a bug where prev_notif is incorrectly
assigned using 'nd' instead of 'prev_nd'. This causes the context
validation check to compare the current notification with itself instead
of comparing it with the previous notification.

Fix by using the correct prev_nd parameter when obtaining prev_notif.

Comment 1 Alexander B 2025-12-23 14:39:57 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100917-CVE-2025-39963-b0ff@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.