PT-2025-22168 · Linux+4 · Linux Kernel+4

Publicado

2025-04-25

Atualizado

2026-04-20

CVE-2025-37906

CVSS v2.0

6.0

Média

Vetor

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists between io uring cmd complete in task and ublk cancel cmd in the Linux kernel. The ublk cancel cmd() function calls io uring cmd done() to complete the uring cmd, but a kernel crash can be triggered if task work is scheduled via io uring cmd complete in task() for dispatching a request while trying to cancel the command. This issue is resolved by not attempting to cancel the command if the ublk block request is started.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-366CWE-404CWE-362

Identificadores relacionados

BDU:2026-03284

CVE-2025-37906

USN-7649-1

USN-7649-2

USN-7650-1

USN-7665-1

USN-7665-2

USN-7721-1

Produtos afetados

Astra Linux

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-22168 · Linux+4 · Linux Kernel+4

CVE-2025-37906

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 144