{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40267", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.183Z", "datePublished": "2025-12-06T21:50:47.614Z", "dateUpdated": "2025-12-06T21:50:47.614Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-06T21:50:47.614Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: ensure allocated iovec gets cleared for early failure\n\nA previous commit reused the recyling infrastructure for early cleanup,\nbut this is not enough for the case where our internal caches have\noverflowed. If this happens, then the allocated iovec can get leaked if\nthe request is also aborted early.\n\nReinstate the previous forced free of the iovec for that situation."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/rw.c"], "versions": [{"version": "9ac273ae3dc296905b4d61e4c8e7a25592f6d183", "lessThan": "094c6467fe05e0de618c5a7fcff4d3ee20aeaef8", "status": "affected", "versionType": "git"}, {"version": "9ac273ae3dc296905b4d61e4c8e7a25592f6d183", "lessThan": "d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/rw.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.9", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.17.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8"}, {"url": "https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc"}], "title": "io_uring/rw: ensure allocated iovec gets cleared for early failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: ensure allocated iovec gets cleared for early failure\n\nA previous commit reused the recyling infrastructure for early cleanup,\nbut this is not enough for the case where our internal caches have\noverflowed. If this happens, then the allocated iovec can get leaked if\nthe request is also aborted early.\n\nReinstate the previous forced free of the iovec for that situation."}], "id": "CVE-2025-40267", "lastModified": "2025-12-08T18:26:49.133", "metrics": {}, "published": "2025-12-06T22:15:54.200", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/094c6467fe05e0de618c5a7fcff4d3ee20aeaef8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: io_uring/rw: ensure allocated iovec gets cleared for early failure", "id": "2419922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419922"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nio_uring/rw: ensure allocated iovec gets cleared for early failure\nA previous commit reused the recyling infrastructure for early cleanup,\nbut this is not enough for the case where our internal caches have\noverflowed. If this happens, then the allocated iovec can get leaked if\nthe request is also aborted early.\nReinstate the previous forced free of the iovec for that situation."], "name": "CVE-2025-40267", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40267\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40267\nhttps://lore.kernel.org/linux-cve-announce/2025120714-CVE-2025-40267-4904@gregkh/T"], "threat_severity": "Low"}