CVE-2025-71149
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-05-02

Assigner: kernel.org

Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-05-02
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-05-01
NVD
CVE-2025-71149
EUVD
EUVD-2026-4405
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.120 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.64 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.3 (exc)
linux linux_kernel From 6.0 (inc) to 6.1.160 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's io_uring subsystem, specifically in how it handles the io_poll_add() return value during updates. When an event polling request is updated from POLL_ADD to POLL_REMOVE, if the update causes the POLL_ADD event to trigger, the completion event is lost and a completion queue entry (CQE) is never posted. Additionally, the completion value may be incorrectly overwritten with -ECANCELED instead of retaining the correct value set by io_poll_add().

Impact Analysis

This vulnerability can cause loss of completion notifications in the io_uring subsystem, meaning that certain I/O operations may appear to never complete. This can lead to application hangs, incorrect behavior, or resource leaks because the completion events are not properly reported to the application.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71149. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart