CVE-2025-40047
Linux Kernel 6.7-6.12.53 6.13-6.17.3 - Use-After-Free in io_uring Wait Queue Handling
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with another invocation of the wait queue entry callback.
References (3)
Core 3
Scores
EPSS
0.0019
EPSS Percentile
9.3%
Details
Status
published
Products (10)
linux/Kernel
6.13.0 - 6.17.3linux
linux/Kernel
6.7.0 - 6.12.53linux
Linux/Linux
< 6.7
Linux/Linux
6.12.53 - 6.12.*
Linux/Linux
6.17.3 - 6.17.*
Linux/Linux
6.18
Linux/Linux
6.7
Linux/Linux
f31ecf671ddc498f20219453395794ff2383e06b - 2f8229d53d984c6a05b71ac9e9583d4354e3b91f
Linux/Linux
f31ecf671ddc498f20219453395794ff2383e06b - 3e2205db2f0608898d535da1964e1b376aacfdaa
Linux/Linux
f31ecf671ddc498f20219453395794ff2383e06b - 696ba6032081e617564a8113a001b8d7943cb928
Published
Oct 28, 2025
Tracked Since
Feb 18, 2026