CVE-2025-40291
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix regbuf vector size truncation
There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can be improved on top.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 < 826ce37a842633efe1bb763e4b13045d74060d72 | affected |
| Linux | Linux | 9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 < 146eb58629f45f8297e83d69e64d4eea4b28d972 | affected |
| Linux | Linux | 6.15 | affected |
| Linux | Linux | 0 < 6.15 | unaffected |
| Linux | Linux | 6.17.8 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/826ce37a842633efe1bb763e4b13045d74060d72
- https://git.kernel.org/stable/c/146eb58629f45f8297e83d69e64d4eea4b28d972
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.