Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORING_SQ_TASKRUN to happen in the small window of swapping into the new rings and the old rings being freed. Prevent this by adding a 2nd ->rings pointer, ->rings_rcu, which is protected by RCU. The task work flags manipulation is inside RCU already, and if the resize ring freeing is done post an RCU synchronize, then there's no need to add locking to the fast path of task work additions. Note: this is only done for DEFER_TASKRUN, as that's the only setup mode that supports ring resizing. If this ever changes, then they too need to use the io_ctx_mark_taskrun() helper.

INFO

Published Date :

2026-03-20T08:08:55.857Z

Last Modified :

2026-03-20T08:08:55.857Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23275 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23275.

URL Resource
https://git.kernel.org/stable/c/46dc07d5f31411cc023f3bf1f4a23a07bf6e0ed1 cve-icon cve-icon
https://git.kernel.org/stable/c/7cc4530b3e952d4a5947e1e55d06620d8845d4f5 cve-icon cve-icon
https://git.kernel.org/stable/c/96189080265e6bb5dde3a4afbaf947af493e3f82 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026032035-CVE-2026-23275-33fe@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23275 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23275 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact