PT-2025-20333 · Linux+2 · Linux Kernel+2

Published: 2025-05-08 · Updated: 2026-05-26 · CVE-2025-37804

CVSS v2.0: 4.3 (Medium)

Vector: AV:A/AC:H/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A data-race issue has been identified in the Linux kernel related to io_uring. The issue arises when the request owner changes other flag bits, causing KCSAN to complain. The problem occurs because io_uring switches requests to atomic refcounting for iowq execution before any parallelism, setting REQ_F_REFCOUNT, and this flag is not cleared until the request completes. To resolve this, the code now skips REQ_F_REFCOUNT checks for iowq, as it is known to be set.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-10367
CVE-2025-37804
ECHO-F0DD-63E6-D777
MGASA-2025-0182
MGASA-2025-0183
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1

Affected Products

Debian
Linux Kernel
Suse