VYPR
Unrated severity · NVD Advisory · Published Dec 6, 2025 · Updated Apr 15, 2026

CVE-2025-40267

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rw: ensure allocated iovec gets cleared for early failure

A previous commit reused the recycling infrastructure for early cleanup, but this is not enough for the case where our internal caches have overflowed. If this happens, then the allocated iovec can get leaked if the request is also aborted early.

Reinstate the previous forced free of the iovec for that situation.
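
A simplified user-space model of the pattern the description refers to, added here as an illustration and not taken from the kernel source or the fix commit; the structure names, function names and cache size are hypothetical. It counts the allocations left outstanding when requests are aborted early, first with recycling alone and then with a forced free when the cache has overflowed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define CACHE_MAX 2                             /* hypothetical cache capacity */
struct iov_model { void *base; size_t len; };   /* stand-in for struct iovec */
struct req { struct iov_model *iov; };          /* request owning a heap iovec */
struct cache { struct iov_model *slot[CACHE_MAX]; int n; };
static int live_allocs;                         /* outstanding iovec allocations */

static struct iov_model *iov_alloc(size_t nr) {
    struct iov_model *v = calloc(nr, sizeof(*v));
    if (v) live_allocs++;
    return v;
}
static void iov_free(struct iov_model *v) { if (v) { live_allocs--; free(v); } }

/* Recycle into the bounded cache; false means the cache has overflowed. */
static bool cache_put(struct cache *c, struct iov_model *v) {
    if (c->n >= CACHE_MAX) return false;
    c->slot[c->n++] = v;
    return true;
}
static void cache_drain(struct cache *c) { while (c->n) iov_free(c->slot[--c->n]); }

/* Early-failure cleanup that relies on recycling alone: on overflow the
 * iovec is neither cached nor freed, so the allocation is leaked. */
static void cleanup_recycle_only(struct cache *c, struct req *r) {
    if (r->iov) cache_put(c, r->iov);
    r->iov = NULL;
}
/* Cleanup with the forced free for the overflow case. */
static void cleanup_forced_free(struct cache *c, struct req *r) {
    if (r->iov && !cache_put(c, r->iov)) iov_free(r->iov);
    r->iov = NULL;
}

/* Abort nreq requests before issue; return allocations still live afterwards. */
static int leaked_after(void (*cleanup)(struct cache *, struct req *), int nreq) {
    struct cache c = { .n = 0 };
    live_allocs = 0;
    for (int i = 0; i < nreq; i++) {
        struct req r = { .iov = iov_alloc(8) };
        cleanup(&c, &r);
    }
    cache_drain(&c);
    return live_allocs;
}

int main(void) {
    printf("recycle only: %d leaked\n", leaked_after(cleanup_recycle_only, 5));
    printf("forced free:  %d leaked\n", leaked_after(cleanup_forced_free, 5));
}
```
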

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free or memory leak in io_uring/rw occurs when internal iovec caches overflow and the request is aborted early, due to insufficient cleanup.

Root Cause

The vulnerability resides in the Linux kernel's io_uring subsystem, specifically in the read/write (rw) path. A previous commit introduced recycling infrastructure for early cleanup of iovec allocations. However, when the internal iovec caches overflow, the allocated iovec is not properly freed if the request is aborted early. This leads to a memory leak or potential use-after-free condition [1].

Exploitation

An attacker would need to trigger a scenario where io_uring requests are submitted and then aborted early, while also causing the internal iovec caches to overflow. This requires local access to the system and the ability to create io_uring instances. The attack surface is limited to users with sufficient privileges to use io_uring, but no special network position is required [1].

Impact

Successful exploitation could lead to memory corruption or information disclosure, as the leaked iovec may contain kernel memory pointers. In worst-case scenarios, this could be leveraged for privilege escalation or denial of service. The exact impact depends on system configuration and memory layout [1].

Mitigation

The fix reinstates the previous forced free of the iovec for the overflow case, ensuring proper cleanup. The patch is included in stable kernel updates. Users should apply the latest kernel updates from their distribution to remediate this vulnerability [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernel (inferred), 2 versions

Patches

2

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
