CVE-2025-40216

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rsrc: don't rely on user vaddr alignment

There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa8edbb424b1391b077407c75d8f5d2ede77aa70d < 50998b0ae7d9d552e96d8b7239981cf05f65eff5affected
LinuxLinuxa8edbb424b1391b077407c75d8f5d2ede77aa70d < f16769241594be59387b56ab525e327f54377e60affected
LinuxLinuxa8edbb424b1391b077407c75d8f5d2ede77aa70d < 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634baffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.36 <= 6.12.*unaffected
LinuxLinux6.15.5 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References