CVE-2025-40291

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix regbuf vector size truncation

There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can be improved on top.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 < 826ce37a842633efe1bb763e4b13045d74060d72affected
LinuxLinux9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 < 146eb58629f45f8297e83d69e64d4eea4b28d972affected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.17.8 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References