CVE-2025-39822

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring/kbuf: fix signedness in this_len calculation

When importing and using buffers, buf->len is considered unsigned. However, buf->len is converted to signed int when committing. This can lead to unexpected behavior if the buffer is large enough to be interpreted as a negative value. Make min_t calculation unsigned.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcf9536e550dd243a1681fdbf804221527da20a80 < f4f411c068402c370c4f9a9d4950a97af97bbbb1affected
LinuxLinuxcf9536e550dd243a1681fdbf804221527da20a80 < c64eff368ac676e8540344d27a3de47e0ad90d21affected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.16.5 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References