{"vulnerability": "CVE-2025-21630", "sightings": [{"uuid": "fb559017-0d40-4965-9f78-6877b6a1f470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21630", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1750", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21630\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: always initialize kmsg->msg.msg_inq upfront\n\nsyzbot reports that ->msg_inq may get used uinitialized from the\nfollowing path:\n\nBUG: KMSAN: uninit-value in io_recv_buf_select io_uring/net.c:1094 [inline]\nBUG: KMSAN: uninit-value in io_recv+0x930/0x1f90 io_uring/net.c:1158\n io_recv_buf_select io_uring/net.c:1094 [inline]\n io_recv+0x930/0x1f90 io_uring/net.c:1158\n io_issue_sqe+0x420/0x2130 io_uring/io_uring.c:1740\n io_queue_sqe io_uring/io_uring.c:1950 [inline]\n io_req_task_submit+0xfa/0x1d0 io_uring/io_uring.c:1374\n io_handle_tw_list+0x55f/0x5c0 io_uring/io_uring.c:1057\n tctx_task_work_run+0x109/0x3e0 io_uring/io_uring.c:1121\n tctx_task_work+0x6d/0xc0 io_uring/io_uring.c:1139\n task_work_run+0x268/0x310 kernel/task_work.c:239\n io_run_task_work+0x43a/0x4a0 io_uring/io_uring.h:343\n io_cqring_wait io_uring/io_uring.c:2527 [inline]\n __do_sys_io_uring_enter io_uring/io_uring.c:3439 [inline]\n __se_sys_io_uring_enter+0x204f/0x4ce0 io_uring/io_uring.c:3330\n __x64_sys_io_uring_enter+0x11f/0x1a0 io_uring/io_uring.c:3330\n x64_sys_call+0xce5/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:427\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nand it is correct, as it's never initialized upfront. Hence the first\nsubmission can end up using it uninitialized, if the recv wasn't\nsuccessful and the networking stack didn't honor ->msg_get_inq being set\nand filling in the output value of ->msg_inq as requested.\n\nSet it to 0 upfront when it's allocated, just to silence this KMSAN\nwarning. There's no side effect of using it uninitialized, it'll just\npotentially cause the next receive to use a recv value hint that's not\naccurate.\n\ud83d\udccf Published: 2025-01-15T13:06:01.027Z\n\ud83d\udccf Modified: 2025-01-15T13:06:01.027Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/127c280067167beb88461cd930f7c7a4bb3c7239\n2. https://git.kernel.org/stable/c/c6e60a0a68b7e6b3c7e33863a16e8e88ba9eee6f", "creation_timestamp": "2025-01-15T14:18:43.000000Z"}, {"uuid": "0d9594ef-b06e-4350-a00a-9edd5c59d75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21630", "type": "seen", "source": "https://t.me/cvedetector/15442", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21630 - Linux Kernel: io_uring: Uninitialized Message Queue Inquire\", \n  \"Content\": \"CVE ID : CVE-2025-21630 \nPublished : Jan. 15, 2025, 1:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nio_uring/net: always initialize kmsg->msg.msg_inq upfront  \n  \nsyzbot reports that ->msg_inq may get used uinitialized from the  \nfollowing path:  \n  \nBUG: KMSAN: uninit-value in io_recv_buf_select io_uring/net.c:1094 [inline]  \nBUG: KMSAN: uninit-value in io_recv+0x930/0x1f90 io_uring/net.c:1158  \n io_recv_buf_select io_uring/net.c:1094 [inline]  \n io_recv+0x930/0x1f90 io_uring/net.c:1158  \n io_issue_sqe+0x420/0x2130 io_uring/io_uring.c:1740  \n io_queue_sqe io_uring/io_uring.c:1950 [inline]  \n io_req_task_submit+0xfa/0x1d0 io_uring/io_uring.c:1374  \n io_handle_tw_list+0x55f/0x5c0 io_uring/io_uring.c:1057  \n tctx_task_work_run+0x109/0x3e0 io_uring/io_uring.c:1121  \n tctx_task_work+0x6d/0xc0 io_uring/io_uring.c:1139  \n task_work_run+0x268/0x310 kernel/task_work.c:239  \n io_run_task_work+0x43a/0x4a0 io_uring/io_uring.h:343  \n io_cqring_wait io_uring/io_uring.c:2527 [inline]  \n __do_sys_io_uring_enter io_uring/io_uring.c:3439 [inline]  \n __se_sys_io_uring_enter+0x204f/0x4ce0 io_uring/io_uring.c:3330  \n __x64_sys_io_uring_enter+0x11f/0x1a0 io_uring/io_uring.c:3330  \n x64_sys_call+0xce5/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:427  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nand it is correct, as it's never initialized upfront. Hence the first  \nsubmission can end up using it uninitialized, if the recv wasn't  \nsuccessful and the networking stack didn't honor ->msg_get_inq being set  \nand filling in the output value of ->msg_inq as requested.  \n  \nSet it to 0 upfront when it's allocated, just to silence this KMSAN  \nwarning. There's no side effect of using it uninitialized, it'll just  \npotentially cause the next receive to use a recv value hint that's not  \naccurate. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T15:06:41.000000Z"}, {"uuid": "4733d4d2-c646-4d91-aa28-b04297a229c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21630", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrtzwcqke2h", "content": "", "creation_timestamp": "2025-01-15T13:17:28.284608Z"}]}