CVE-2025-68294

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: ensure vectored buffer node import is tied to notification

When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. For non-vectored imports, sr->notif is correctly used. This is important as the lifetime of the two may be different. Use the correct io_kiocb for the vectored buffer import.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux23371eac7d9a9bca5360cfb3eb3aa08648ee7246 < 14459281e027f23b70885c1cc1032a71c0efd8d7affected
LinuxLinux23371eac7d9a9bca5360cfb3eb3aa08648ee7246 < f6041803a831266a2a5a5b5af66f7de0845bcbf3affected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.17.11 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References