Déjà Vu in Linux io_uring: Breaking Memory Sharing Again After Generations of Fixes

Chih-Yen Chang

Hexacon 2025 · Day 1 · Main Stage

In this talk, Chih-Yen Chang (also known as Pumpkin) of DEVCORE walks through a race condition he found in the Linux kernel's **io_uring** subsystem, tracked as **CVE-2025-2136**. The bug is notable because it sits in a memory-sharing mechanism that has already been patched several times and yet still harbors subtle flaws. The "déjà vu" of the title refers to the recurring pattern in which fixing one problem sets up the conditions for the next, a reminder of how hard concurrent memory management in the kernel is to get right.

AI review

Pumpkin delivers exactly the kind of talk that justifies the existence of security conferences: original kernel research, a genuinely novel vulnerability in one of the most scrutinized subsystems in Linux, a working exploit with a clever stabilization technique, and the intellectual honesty to contextualize the bug within a multi-generation lineage of related fixes. CVE-2025-2136 is not a rediscovery or a rehash — it's a fresh race condition in io_uring's buffer upgrade path that survives three prior rounds of patching, and the speaker clearly did every bit of this work himself. The…
