CVE-2025-68294
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: ensure vectored buffer node import is tied to notification
When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. For non-vectored imports, sr->notif is correctly used. This is important as the lifetime of the two may be different. Use the correct io_kiocb for the vectored buffer import.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 23371eac7d9a9bca5360cfb3eb3aa08648ee7246 < 14459281e027f23b70885c1cc1032a71c0efd8d7 | affected |
| Linux | Linux | 23371eac7d9a9bca5360cfb3eb3aa08648ee7246 < f6041803a831266a2a5a5b5af66f7de0845bcbf3 | affected |
| Linux | Linux | 6.15 | affected |
| Linux | Linux | 0 < 6.15 | unaffected |
| Linux | Linux | 6.17.11 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/14459281e027f23b70885c1cc1032a71c0efd8d7
- https://git.kernel.org/stable/c/f6041803a831266a2a5a5b5af66f7de0845bcbf3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.