github - ghsa-px9x-jrmf-jcg2

ghsa-px9x-jrmf-jcg2

Vulnerability from github

Published

2025-12-16 18:31

Modified

2025-12-16 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: ensure vectored buffer node import is tied to notification

When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. For non-vectored imports, sr->notif is correctly used. This is important as the lifetime of the two may be different. Use the correct io_kiocb for the vectored buffer import.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-68294"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T16:16:08Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: ensure vectored buffer node import is tied to notification\n\nWhen support for vectored registered buffers was added, the import\nitself is using \u0027req\u0027 rather than the notification io_kiocb, sr-\u003enotif.\nFor non-vectored imports, sr-\u003enotif is correctly used. This is important\nas the lifetime of the two may be different. Use the correct io_kiocb\nfor the vectored buffer import.",
  "id": "GHSA-px9x-jrmf-jcg2",
  "modified": "2025-12-16T18:31:33Z",
  "published": "2025-12-16T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68294"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14459281e027f23b70885c1cc1032a71c0efd8d7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6041803a831266a2a5a5b5af66f7de0845bcbf3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-68294 (GCVE-0-2025-68294)

Vulnerability from cvelistv5

Published

2025-12-16 15:06

Modified

2025-12-16 15:06

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. For non-vectored imports, sr->notif is correctly used. This is important as the lifetime of the two may be different. Use the correct io_kiocb for the vectored buffer import.

References

URL

Tags

	https://git.kernel.org/stable/c/14459281e027f23b70885c1cc1032a71c0efd8d7
	https://git.kernel.org/stable/c/f6041803a831266a2a5a5b5af66f7de0845bcbf3

Impacted products

Vendor

Product

Version

Version: 23371eac7d9a9bca5360cfb3eb3aa08648ee7246
Version: 23371eac7d9a9bca5360cfb3eb3aa08648ee7246

Version: 6.15

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/net.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "14459281e027f23b70885c1cc1032a71c0efd8d7",
              "status": "affected",
              "version": "23371eac7d9a9bca5360cfb3eb3aa08648ee7246",
              "versionType": "git"
            },
            {
              "lessThan": "f6041803a831266a2a5a5b5af66f7de0845bcbf3",
              "status": "affected",
              "version": "23371eac7d9a9bca5360cfb3eb3aa08648ee7246",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/net.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.11",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: ensure vectored buffer node import is tied to notification\n\nWhen support for vectored registered buffers was added, the import\nitself is using \u0027req\u0027 rather than the notification io_kiocb, sr-\u003enotif.\nFor non-vectored imports, sr-\u003enotif is correctly used. This is important\nas the lifetime of the two may be different. Use the correct io_kiocb\nfor the vectored buffer import."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T15:06:14.177Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/14459281e027f23b70885c1cc1032a71c0efd8d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6041803a831266a2a5a5b5af66f7de0845bcbf3"
        }
      ],
      "title": "io_uring/net: ensure vectored buffer node import is tied to notification",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68294",
    "datePublished": "2025-12-16T15:06:14.177Z",
    "dateReserved": "2025-12-16T14:48:05.293Z",
    "dateUpdated": "2025-12-16T15:06:14.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.