A critical vulnerability has been discovered in the interface of asynchronous input/output IO_URING provided by the Linux kernel, which could potentially allow an unauthorized user to execute their code at the kernel level. The vulnerability, identified as CVE-2025-39698, is a result of the lack of a check for the existence of an object before performing operations on it.
To address this issue, users are advised to check for updates on the official pages of various distributions. These include Debian, Ubuntu, Fedora, SUSE/Opensuse, RHEL, Gentoo, and Arch.
/Reports, release notes, official announcements.