Red Hat: CVE-2025-21655: kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:N/I:N/A:C) | Jan 20, 2025 | Jan 27, 2026 | Jan 27, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period

io_eventfd_do_signal() is invoked from an RCU callback, but when
dropping the reference to the io_ev_fd, it calls io_eventfd_free()
directly if the refcount drops to zero. This isn't correct, as any
potential freeing of the io_ev_fd should be deferred another RCU grace
period.

Just call io_eventfd_put() rather than open-code the dec-and-test and
free, which will correctly defer it another RCU grace period.
Solutions
- redhat-upgrade-kernel
- redhat-upgrade-kernel-rt