20 matches found
kernel: io_uring/rsrc: reject zero-length fixed buffer import
A flaw was found in the Linux kernel's iouring subsystem. A local attacker can exploit a vulnerability in the ioimportfixed function by importing a zero-length fixed buffer. This can lead to an out-of-bounds read from slab memory, potentially resulting in information disclosure or a denial of...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/net: Ensure that the import of the vectorized buffer node is tied to a notification. When support for vectorized registered buffers was added, the import itself uses ‘req’ instead of the notification iokiocb, sr-notif. Fo...
CVE-2026-43006
In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: reject zero-length fixed buffer import validatefixedrange admits bufaddr at the exact end of the registered region when len is zero, because the check uses strict greater-than bufend imu-ubuf + imu-len. ioimportfixe...
EUVD-2026-26605
In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: reject zero-length fixed buffer import validatefixedrange admits bufaddr at the exact end of the registered region when len is zero, because the check uses strict greater-than bufend imu-ubuf + imu-len. ioimportfixe...
CVE-2026-43006 io_uring/rsrc: reject zero-length fixed buffer import
In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: reject zero-length fixed buffer import validatefixedrange admits bufaddr at the exact end of the registered region when len is zero, because the check uses strict greater-than bufend imu-ubuf + imu-len. ioimportfixe...
CVE-2026-43006
CVE-2026-43006 (Linux kernel io_uring rsr/rsrc): A zero-length fixed-buffer import in io_import_fixed() could trigger a slab-out-of-bounds read due to a boundary check that allows len == 0 to be processed. The underlying issue is in validate_fixed_range(), which permits buf_addr at the end of the...
CVE-2026-43006
In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: reject zero-length fixed buffer import validatefixedrange admits bufaddr at the exact end of the registered region when len is zero, because the check uses strict greater-than bufend imu-ubuf + imu-len. ioimportfixe...
PT-2026-36423
In the Linux kernel, the following vulnerability has been resolved: io uring/rsrc: reject zero-length fixed buffer import validate fixed range admits buf addr at the exact end of the registered region when len is zero, because the check uses strict greater-than buf end imu-ubuf + imu-len. io impo...
SUSE CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
EUVD-2025-203786
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
UBUNTU-CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
CVE-2025-68294
Summary : CVE-2025-68294 concerns the Linux kernel’s IO_URING/vectored buffer handling. The issue arises in the vectored buffer import path where the import used the wrong IO_kiocb context ('req') instead of the notification context (sr->notif), risking lifetime misalignment between the vector...
CVE-2025-68294 io_uring/net: ensure vectored buffer node import is tied to notification
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
PT-2025-51698
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s io uring/net functionality. Specifically, the import process for vectored registered buffers incorrectly uses 'req' instead of the correct io kiocb,...
Linux Distros Unpatched Vulnerability : CVE-2025-68294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req'...
Linux Distros Unpatched Vulnerability : CVE-2025-39822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/kbuf: fix signedness in thislen calculation When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to signed in...
CVE-2025-39822
The CVE-2025-39822 issue affects the Linux kernel io_uring/kbuf path. Root cause: buf->len is treated unsigned when importing buffers but is converted to signed int when committing, risking negative interpretation for large buffers. Mitigation: the min_t calculation is now unsigned. This is a ...
UBUNTU-CVE-2025-40364
In the Linux kernel, the following vulnerability has been resolved: iouring: fix ioreqprepasync with provided buffers ioreqprepasync can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...
CVE-2022-25743
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...