What is the severity of CVE-2025-21633?

CVE-2025-21633 has been classified as a high severity vulnerability in the Linux kernel.

How do I fix CVE-2025-21633?

To fix CVE-2025-21633, update your Linux kernel to the latest stable version that includes the patch.

What systems are affected by CVE-2025-21633?

CVE-2025-21633 affects various versions of the Linux kernel utilized across multiple Linux distributions.

What type of vulnerability is CVE-2025-21633?

CVE-2025-21633 is categorized as a memory management issue leading to a use-after-free condition in the Linux kernel.

Is there any known exploit for CVE-2025-21633?

As of now, there are no public exploits specifically targeting CVE-2025-21633 reported.

Vulnerability/
CVE-2025-21633

high

7.8

CWE

416

EPSS

0.043%

19/1/2025

13/2/2025

CVE-2025-21633: io_uring/sqpoll: zero sqd->thread on tctx errors

First published: Sun Jan 19 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: zero sqd->thread on tctx errors Syzkeller reports: BUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 Read of size 8 at addr ffff88803578c510 by task syz.2.3223/27552 Call Trace: <TASK> ... kasan_report+0x143/0x180 mm/kasan/report.c:602 thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639 getrusage+0x1000/0x1340 kernel/sys.c:1863 io_uring_show_fdinfo+0xdfe/0x1770 io_uring/fdinfo.c:197 seq_show+0x608/0x770 fs/proc/fd.c:68 ... That's due to sqd->task not being cleared properly in cases where SQPOLL task tctx setup fails, which can essentially only happen with fault injection to insert allocation errors.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Red Hat Kernel-devel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21633?
CVE-2025-21633 has been classified as a high severity vulnerability in the Linux kernel.
How do I fix CVE-2025-21633?
To fix CVE-2025-21633, update your Linux kernel to the latest stable version that includes the patch.
What systems are affected by CVE-2025-21633?
CVE-2025-21633 affects various versions of the Linux kernel utilized across multiple Linux distributions.
What type of vulnerability is CVE-2025-21633?
CVE-2025-21633 is categorized as a memory management issue leading to a use-after-free condition in the Linux kernel.
Is there any known exploit for CVE-2025-21633?
As of now, there are no public exploits specifically targeting CVE-2025-21633 reported.

agent/type
agent/first-publish-date
agent/title
agent/weakness
agent/author
agent/references
agent/description
agent/source
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/red hat kernel-devel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.