github - ghsa-3qj7-2xc7-mxqw

ghsa-3qj7-2xc7-mxqw

Vulnerability from github

Published

2025-12-07 00:30

Modified

2025-12-07 00:30

Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rw: ensure allocated iovec gets cleared for early failure

A previous commit reused the recyling infrastructure for early cleanup, but this is not enough for the case where our internal caches have overflowed. If this happens, then the allocated iovec can get leaked if the request is also aborted early.

Reinstate the previous forced free of the iovec for that situation.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40267"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-06T22:15:54Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: ensure allocated iovec gets cleared for early failure\n\nA previous commit reused the recyling infrastructure for early cleanup,\nbut this is not enough for the case where our internal caches have\noverflowed. If this happens, then the allocated iovec can get leaked if\nthe request is also aborted early.\n\nReinstate the previous forced free of the iovec for that situation.",
  "id": "GHSA-3qj7-2xc7-mxqw",
  "modified": "2025-12-07T00:30:56Z",
  "published": "2025-12-07T00:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40267"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-40267 (GCVE-0-2025-40267)

Vulnerability from cvelistv5

Published

2025-12-06 21:50

Modified

2025-12-06 21:50

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: ensure allocated iovec gets cleared for early failure A previous commit reused the recyling infrastructure for early cleanup, but this is not enough for the case where our internal caches have overflowed. If this happens, then the allocated iovec can get leaked if the request is also aborted early. Reinstate the previous forced free of the iovec for that situation.

References

URL

Tags

	https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8
	https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc

Impacted products

Vendor

Product

Version

Version: 9ac273ae3dc296905b4d61e4c8e7a25592f6d183
Version: 9ac273ae3dc296905b4d61e4c8e7a25592f6d183

Version: 6.14

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "094c6467fe05e0de618c5a7fcff4d3ee20aeaef8",
              "status": "affected",
              "version": "9ac273ae3dc296905b4d61e4c8e7a25592f6d183",
              "versionType": "git"
            },
            {
              "lessThan": "d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc",
              "status": "affected",
              "version": "9ac273ae3dc296905b4d61e4c8e7a25592f6d183",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.9",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: ensure allocated iovec gets cleared for early failure\n\nA previous commit reused the recyling infrastructure for early cleanup,\nbut this is not enough for the case where our internal caches have\noverflowed. If this happens, then the allocated iovec can get leaked if\nthe request is also aborted early.\n\nReinstate the previous forced free of the iovec for that situation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-06T21:50:47.614Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc"
        }
      ],
      "title": "io_uring/rw: ensure allocated iovec gets cleared for early failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40267",
    "datePublished": "2025-12-06T21:50:47.614Z",
    "dateReserved": "2025-04-16T07:20:57.183Z",
    "dateUpdated": "2025-12-06T21:50:47.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.