CVE-2025-40216
Description
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: don't rely on user vaddr alignment
There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel io_uring/rsrc incorrectly calculates page offset from unaligned user virtual addresses, leading to potential memory corruption.
Vulnerability
In the Linux kernel's io_uring subsystem, the rsrc (resource) handling code assumed a certain alignment of user virtual addresses when coalescing pages into folios. However, user pointers are not guaranteed to be aligned, and the offset calculation logic relied on flawed bitmask operations, as described in the CVE description [1].
Exploitation
An attacker with the ability to submit io_uring requests with unaligned user addresses can trigger incorrect page offset computations. This may lead to accessing unintended memory regions within a folio. No special privileges beyond being able to use io_uring are required, though the attack surface is local.
Impact
Successful exploitation could result in memory corruption, potentially leading to a denial of service or escalation of privileges. The exact impact depends on the specific kernel configuration and usage patterns.
Mitigation
The fix was applied in commit 50998b0ae7d9 and backported to stable kernels [2]. Users should update to the latest kernel versions containing this patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
350998b0ae7d9f167692415943a3c6d61577dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.