{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T22:12:09.463","vulnerabilities":[{"cve":{"id":"CVE-2025-37759","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-01T13:15:54.690","lastModified":"2025-11-06T21:44:32.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix handling recovery & reissue in ublk_abort_queue()\n\nCommit 8284066946e6 (\"ublk: grab request reference when the request is handled\nby userspace\") doesn't grab request reference in case of recovery reissue.\nThen the request can be requeued & re-dispatch & failed when canceling\nuring command.\n\nIf it is one zc request, the request can be freed before io_uring\nreturns the zc buffer back, then cause kernel panic:\n\n[  126.773061] BUG: kernel NULL pointer dereference, address: 00000000000000c8\n[  126.773657] #PF: supervisor read access in kernel mode\n[  126.774052] #PF: error_code(0x0000) - not-present page\n[  126.774455] PGD 0 P4D 0\n[  126.774698] Oops: Oops: 0000 [#1] SMP NOPTI\n[  126.775034] CPU: 13 UID: 0 PID: 1612 Comm: kworker/u64:55 Not tainted 6.14.0_blk+ #182 PREEMPT(full)\n[  126.775676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n[  126.776275] Workqueue: iou_exit io_ring_exit_work\n[  126.776651] RIP: 0010:ublk_io_release+0x14/0x130 [ublk_drv]\n\nFixes it by always grabbing request reference for aborting the request."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ublk: corrección del manejo de la recuperación y la reemisión en ublk_abort_queue(). La confirmación 8284066946e6 (\"ublk: toma la referencia de la solicitud cuando la solicitud es manejada por el espacio de usuario\") no toma la referencia de la solicitud en caso de reemisión de recuperación. En ese caso, la solicitud se puede volver a poner en cola y reenviar, y falla al cancelar el comando \"uring\". Si es una solicitud zc, la solicitud se puede liberar antes de que io_uring devuelva el buffer zc, y luego cause pánico en el kernel: [ 126.773061] ERROR: desreferencia de puntero NULL del kernel, dirección: 00000000000000c8 [ 126.773657] #PF: acceso de lectura del supervisor en modo kernel [ 126.774052] #PF: error_code(0x0000) - página no presente [ 126.774455] PGD 0 P4D 0 [ 126.774698] Oops: Oops: 0000 [#1] SMP NOPTI [ 126.775034] CPU: 13 UID: 0 PID: 1612 Comm: kworker/u64:55 No contaminado 6.14.0_blk+ #182 PREEMPT(full) [ 126.775676] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 01/04/2014 [ 126.776275] Cola de trabajo: iou_exit io_ring_exit_work [ 126.776651] RIP: 0010:ublk_io_release+0x14/0x130 [ublk_drv] Lo corrige tomando siempre la referencia de la solicitud para abortar la solicitud."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.12.24","matchCriteriaId":"40C993FD-7D9B-47D2-B07F-80FC2EC7C191"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.12","matchCriteriaId":"4A475784-BF3B-4514-81EE-49C8522FB24A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.14.3","matchCriteriaId":"483E2E15-2135-4EC6-AB64-16282C5EF704"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a21d259ca4d6310fdfcc0284ebbc000e66cbf70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d34a30efac9c9c93e150130caa940c0df6053c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ee6bd5d4fce502a5b5a2ea805e9ff16e6aa890f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/caa5c8a2358604f38bf0a4afaa5eacda13763067","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}