CVE-2025-71149
MEDIUMLinux kernel - Info Disclosure
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. If a POLL_ADD is pending and then POLL_REMOVE is used to update the events of that request, if that update causes the POLL_ADD to now trigger, then that completion is lost and a CQE is never posted. Additionally, ensure that if an update does cause an existing POLL_ADD to complete, that the completion value isn't always overwritten with -ECANCELED. For that case, whatever io_poll_add() set the value to should just be retained.
References (5)
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
3.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Classification
Status
published
Affected Products (5)
linux/Kernel
< 6.1.160linux
linux/Kernel
< 6.6.120linux
linux/Kernel
< 6.12.64linux
linux/Kernel
< 6.18.3linux
linux/linux_kernel
< 6.1.160
Timeline
Published
Jan 23, 2026
Tracked Since
Feb 18, 2026