ACK: [SRU][N][PATCH 0/1] CVE-2025-39698
Tim Whisonant
tim.whisonant at canonical.com
Tue Dec 2 02:37:08 UTC 2025
On Wed, Nov 26, 2025 at 11:50:19AM +0100, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2025-39698
>
> [ Impact ]
>
> io_uring/futex: ensure io_futex_wait() cleans up properly on failure
>
> The io_futex_data is allocated upfront and assigned to the io_kiocb
> async_data field, but the request isn't marked with REQ_F_ASYNC_DATA
> at that point. Those two should always go together, as the flag tells
> io_uring whether the field is valid or not.
>
> Additionally, on failure cleanup, the futex handler frees the data but
> does not clear ->async_data. Clear the data and the flag in the error
> path as well.
>
> [ Fix ]
>
> Backport the fix commit from upstream:
> * 508c1314b342b io_uring/futex: ensure io_futex_wait() cleans up properly on failure
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Regression Potential ]
>
> A regression here is unlikely due to the very limited scope
> of the patch.
>
> [ Other Info ]
>
> Plucky not fixed because it's EOL.
>
> Jens Axboe (1):
> io_uring/futex: ensure io_futex_wait() cleans up properly on failure
>
> io_uring/futex.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> --
> 2.51.0
>
>
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
More information about the kernel-team
mailing list