CVE-2025-71149

Source: https://cve.org/CVERecord?id=CVE-2025-71149
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71149.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2025-71149
Published: 2026-01-23T14:15:15.878Z
Modified: 2026-03-23T05:04:31.355465960Z
Summary
io_uring/poll: correctly handle io_poll_add() return value on update
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: correctly handle io_poll_add() return value on update

When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. If a POLL_ADD is pending and then POLL_REMOVE is used to update the events of that request, if that update causes the POLL_ADD to now trigger, then that completion is lost and a CQE is never posted.

Additionally, ensure that if an update does cause an existing POLL_ADD to complete, that the completion value isn't always overwritten with -ECANCELED. For that case, whatever io_poll_add() set the value to should just be retained.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71149.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
Introduced: 97b388d70b53fd7d286ac1b81e5a88bd6af98209
Fixed: 8b777ab48441b153502772ecfc78c107d4353f29
Fixed: 0126560370ed5217958b85657b590ad25e8b9c00
Fixed: c1669c03bfbc2a9b5ebff4428eecebe734c646fe
Fixed: 13a8f7b88c2d40c6b33f6216190478dda95d385f
Fixed: 84230ad2d2afbf0c44c32967e525c0ad92e26b4e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71149.json"