CVE-2025-40267 (GCVE-0-2025-40267)
Vulnerability from cvelistv5
Published
2025-12-06 21:50
Modified
2025-12-06 21:50
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: ensure allocated iovec gets cleared for early failure A previous commit reused the recyling infrastructure for early cleanup, but this is not enough for the case where our internal caches have overflowed. If this happens, then the allocated iovec can get leaked if the request is also aborted early. Reinstate the previous forced free of the iovec for that situation.
References
Impacted products
Vendor Product Version
Linux Linux Version: 9ac273ae3dc296905b4d61e4c8e7a25592f6d183
Version: 9ac273ae3dc296905b4d61e4c8e7a25592f6d183
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "094c6467fe05e0de618c5a7fcff4d3ee20aeaef8",
              "status": "affected",
              "version": "9ac273ae3dc296905b4d61e4c8e7a25592f6d183",
              "versionType": "git"
            },
            {
              "lessThan": "d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc",
              "status": "affected",
              "version": "9ac273ae3dc296905b4d61e4c8e7a25592f6d183",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.9",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: ensure allocated iovec gets cleared for early failure\n\nA previous commit reused the recyling infrastructure for early cleanup,\nbut this is not enough for the case where our internal caches have\noverflowed. If this happens, then the allocated iovec can get leaked if\nthe request is also aborted early.\n\nReinstate the previous forced free of the iovec for that situation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-06T21:50:47.614Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc"
        }
      ],
      "title": "io_uring/rw: ensure allocated iovec gets cleared for early failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40267",
    "datePublished": "2025-12-06T21:50:47.614Z",
    "dateReserved": "2025-04-16T07:20:57.183Z",
    "dateUpdated": "2025-12-06T21:50:47.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40267\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-06T22:15:54.200\",\"lastModified\":\"2025-12-06T22:15:54.200\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nio_uring/rw: ensure allocated iovec gets cleared for early failure\\n\\nA previous commit reused the recyling infrastructure for early cleanup,\\nbut this is not enough for the case where our internal caches have\\noverflowed. If this happens, then the allocated iovec can get leaked if\\nthe request is also aborted early.\\n\\nReinstate the previous forced free of the iovec for that situation.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.