{"id":"CVE-2025-39698","summary":"io_uring/futex: ensure io_futex_wait() cleans up properly on failure","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/futex: ensure io_futex_wait() cleans up properly on failure\n\nThe io_futex_data is allocated upfront and assigned to the io_kiocb\nasync_data field, but the request isn't marked with REQ_F_ASYNC_DATA\nat that point. Those two should always go together, as the flag tells\nio_uring whether the field is valid or not.\n\nAdditionally, on failure cleanup, the futex handler frees the data but\ndoes not clear -\u003easync_data. Clear the data and the flag in the error\npath as well.\n\nThanks to Trend Micro Zero Day Initiative and particularly ReDress for\nreporting this.","modified":"2026-05-15T11:53:46.902412283Z","published":"2025-09-05T17:21:04.360Z","related":["ALSA-2025:16880","ALSA-2025:16904","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2026:20635-1","SUSE-SU-2026:20644-1","SUSE-SU-2026:20645-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39698.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/508c1314b342b78591f51c4b5dadee31a88335df"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d34c04152df517c59979b4bf2a47f491e06d3256"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9f93172820a53ab42c4b0e5e65291f4f9d00ad2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39698.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39698"},{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-25-915/"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.44"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.16.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39698.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}