{"id":"CVE-2025-21836","summary":"io_uring/kbuf: reallocate buf lists on upgrade","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.","modified":"2026-05-07T04:17:40.471445Z","published":"2025-03-07T09:09:56.127Z","related":["SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20206-1","SUSE-SU-2025:20270-1","SUSE-SU-2025:20283-1","USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21836.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/146a185f6c05ee263db715f860620606303c4633"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a5febbef40ce968e295a7aeaa5d5cbd9e3e5ad4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d0dc28dae836caf7645fef62a10befc624dd17b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8802766324e1f5d414a81ac43365c20142e85603"},{"type":"WEB","url":"https://u1f383.github.io/slides/talks/2025_Hexacon-Deja_Vu_in_Linux_io_uring_Breaking_Memory_Sharing_Again_After_Generations_of_Fixes.pdf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21836.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21836"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2fcabce2d7d34f69a888146dab15b36a917f09d4"},{"fixed":"146a185f6c05ee263db715f860620606303c4633"},{"fixed":"7d0dc28dae836caf7645fef62a10befc624dd17b"},{"fixed":"2a5febbef40ce968e295a7aeaa5d5cbd9e3e5ad4"},{"fixed":"8802766324e1f5d414a81ac43365c20142e85603"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21836.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.19.0"},{"fixed":"6.6.79"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.13.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21836.json"}}],"schema_version":"1.7.5"}