14 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/net: Ensure that the import of the vectorized buffer node is tied to a notification. When support for vectorized registered buffers was added, the import itself uses ‘req’ instead of the notification iokiocb, sr-notif. Fo...
SUSE CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
UBUNTU-CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
CVE-2025-68294
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
CVE-2025-68294
Summary : CVE-2025-68294 concerns the Linux kernel’s IO_URING/vectored buffer handling. The issue arises in the vectored buffer import path where the import used the wrong IO_kiocb context ('req') instead of the notification context (sr->notif), risking lifetime misalignment between the vector...
CVE-2025-68294 io_uring/net: ensure vectored buffer node import is tied to notification
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
Linux Distros Unpatched Vulnerability : CVE-2025-68294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req'...
Linux Distros Unpatched Vulnerability : CVE-2025-39963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring: fix incorrect iokiocb reference in iolinkskb In iolinkskb function, there is a bug where prevnotif is incorrectly assigned using 'nd' instead of...
CVE-2025-39963
In the Linux kernel, the following vulnerability has been resolved: iouring: fix incorrect iokiocb reference in iolinkskb In iolinkskb function, there is a bug where prevnotif is incorrectly assigned using 'nd' instead of 'prevnd'. This causes the context validation check to compare the current...
CVE-2025-39963 io_uring: fix incorrect io_kiocb reference in io_link_skb
In the Linux kernel, the following vulnerability has been resolved: iouring: fix incorrect iokiocb reference in iolinkskb In iolinkskb function, there is a bug where prevnotif is incorrectly assigned using 'nd' instead of 'prevnd'. This causes the context validation check to compare the current...
kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure
In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...
SUSE CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
CVE-2025-38453
CVE-2025-38453 affects the Linux kernel: the io_uring/msg_ring path can free an io_kiocb at an unsafe time, leading to use-after-free scenarios. The documented fix defers freeing via RC/RCU mechanics by adding an rcU head and switching to kfree_rcu() in both the freeing paths (io_msg_tw_complete(...