{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-40364", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.187Z", "datePublished": "2025-04-18T13:50:24.257Z", "dateUpdated": "2025-10-11T12:29:35.640Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-11T12:29:35.640Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix io_req_prep_async with provided buffers\n\nio_req_prep_async() can import provided buffers, commit the ring state\nby giving up on that before, it'll be reimported later if needed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/io_uring.c"], "versions": [{"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "233b210a678bddf8b49b02a070074a52b87e6d43", "status": "affected", "versionType": "git"}, {"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "a1b17713b32c75a90132ea2f92b1257f3bbc20f3", "status": "affected", "versionType": "git"}, {"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "b86f1d51731e621e83305dc9564ae14c9ef752bf", "status": "affected", "versionType": "git"}, {"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3", "status": "affected", "versionType": "git"}, {"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "35ae7910c349fb3c60439992e2e0e79061e95382", "status": "affected", "versionType": "git"}, {"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "f0ef94553868d07c1b14d7743a7e2553e5a831a3", "status": "affected", "versionType": "git"}, {"version": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a", "lessThan": "d63b0e8a628e62ca85a0f7915230186bb92f8bb4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/io_uring.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.129", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.78", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.14", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.3", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.6.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.6.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.12.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.13.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/233b210a678bddf8b49b02a070074a52b87e6d43"}, {"url": "https://git.kernel.org/stable/c/a1b17713b32c75a90132ea2f92b1257f3bbc20f3"}, {"url": "https://git.kernel.org/stable/c/b86f1d51731e621e83305dc9564ae14c9ef752bf"}, {"url": "https://git.kernel.org/stable/c/a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3"}, {"url": "https://git.kernel.org/stable/c/35ae7910c349fb3c60439992e2e0e79061e95382"}, {"url": "https://git.kernel.org/stable/c/f0ef94553868d07c1b14d7743a7e2553e5a831a3"}, {"url": "https://git.kernel.org/stable/c/d63b0e8a628e62ca85a0f7915230186bb92f8bb4"}], "title": "io_uring: fix io_req_prep_async with provided buffers", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE25DF79-9FB2-4DE2-93D0-BF8587BF37CA", "versionEndExcluding": "6.1.129", "versionStartIncluding": "5.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C58261F-EDFB-4A12-8CCD-F12101482030", "versionEndExcluding": "6.6.78", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD", "versionEndExcluding": "6.12.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00", "versionEndExcluding": "6.13.3", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix io_req_prep_async with provided buffers\n\nio_req_prep_async() can import provided buffers, commit the ring state\nby giving up on that before, it'll be reimported later if needed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: corrige io_req_prep_async con b\u00faferes proporcionados io_req_prep_async() puede importar b\u00faferes proporcionados, confirmar el estado del anillo renunciando a eso antes, se volver\u00e1 a importar m\u00e1s tarde si es necesario. "}], "id": "CVE-2025-40364", "lastModified": "2025-11-17T14:06:37.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-18T14:15:23.100", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/233b210a678bddf8b49b02a070074a52b87e6d43"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35ae7910c349fb3c60439992e2e0e79061e95382"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1b17713b32c75a90132ea2f92b1257f3bbc20f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b86f1d51731e621e83305dc9564ae14c9ef752bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d63b0e8a628e62ca85a0f7915230186bb92f8bb4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f0ef94553868d07c1b14d7743a7e2553e5a831a3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: io_uring: fix io_req_prep_async with provided buffers", "id": "2360969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360969"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nio_uring: fix io_req_prep_async with provided buffers\nio_req_prep_async() can import provided buffers, commit the ring state\nby giving up on that before, it'll be reimported later if needed."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-40364", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40364\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40364\nhttps://lore.kernel.org/linux-cve-announce/2025041827-CVE-2025-40364-d93c@gregkh/T"], "statement": "No Red Hat products are affected by this flaw, as the io_uring subsystem is not enabled in any currently shipping kernel release. It could be enabled in latest versions of Red Hat Enterprise Linux only. The bug is about potential leak of memory and doesn't lead to any more severe security impact.", "threat_severity": "Low"}