CVE-2025-71149 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2026-01-23

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6126-1	linux security update
Debian DSA	DSA-6127-1	linux security update
Ubuntu USN	USN-8177-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8179-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8177-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8183-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8184-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8179-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8185-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8179-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8183-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8203-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-8204-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-8185-2	Linux kernel (Low Latency NVIDIA) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71149-c9ee@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71149
https://www.cve.org/CVERecord?id=CVE-2025-71149

History

Sat, 02 May 2026 07:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	NVD-CWE-noinfo
CPEs	cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/0126560370ed5217958b85657b590ad25e8b9c00 https://git.kernel.org/stable/c/13a8f7b88c2d40c6b33f6216190478dda95d385f https://git.kernel.org/stable/c/84230ad2d2afbf0c44c32967e525c0ad92e26b4e https://git.kernel.org/stable/c/8b777ab48441b153502772ecfc78c107d4353f29 https://git.kernel.org/stable/c/c1669c03bfbc2a9b5ebff4428eecebe734c646fe

Sat, 02 May 2026 06:45:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. If a POLL_ADD is pending and then POLL_REMOVE is used to update the events of that request, if that update causes the POLL_ADD to now trigger, then that completion is lost and a CQE is never posted. Additionally, ensure that if an update does cause an existing POLL_ADD to complete, that the completion value isn't always overwritten with -ECANCELED. For that case, whatever io_poll_add() set the value to should just be retained.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	io_uring/poll: correctly handle io_poll_add() return value on update	kernel: io_uring/poll: correctly handle io_poll_add() return value on update

Thu, 26 Feb 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Sat, 24 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71149-c9ee@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71149 https://www.cve.org/CVERecord?id=CVE-2025-71149
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 23 Jan 2026 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. If a POLL_ADD is pending and then POLL_REMOVE is used to update the events of that request, if that update causes the POLL_ADD to now trigger, then that completion is lost and a CQE is never posted. Additionally, ensure that if an update does cause an existing POLL_ADD to complete, that the completion value isn't always overwritten with -ECANCELED. For that case, whatever io_poll_add() set the value to should just be retained.
Title		io_uring/poll: correctly handle io_poll_add() return value on update
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0126560370ed5217958b85657b590ad25e8b9c00 https://git.kernel.org/stable/c/13a8f7b88c2d40c6b33f6216190478dda95d385f https://git.kernel.org/stable/c/84230ad2d2afbf0c44c32967e525c0ad92e26b4e https://git.kernel.org/stable/c/8b777ab48441b153502772ecfc78c107d4353f29 https://git.kernel.org/stable/c/c1669c03bfbc2a9b5ebff4428eecebe734c646fe

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2026-01-23T14:15:15.878Z

Updated: 2026-05-02T06:18:09.994Z

Reserved: 2026-01-13T15:30:19.662Z

Link: CVE-2025-71149

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2026-01-23T15:16:05.630

Modified: 2026-05-02T07:16:01.267

Link: CVE-2025-71149

Redhat

Severity : Low

Publid Date: 2026-01-23T00:00:00Z

Links: CVE-2025-71149 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object