CVE-2025-40216

Linux Kernel 6.12-6.12.35, 6.13-6.15.4, 6.16 - Use-After-Free in io_uring Resource Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it.

Scores

EPSS 0.0016
EPSS Percentile 5.6%

Details

Status published
Products (10)
linux/Kernel 6.12.0 - 6.12.36linux
linux/Kernel 6.13.0 - 6.15.5linux
Linux/Linux < 6.12
Linux/Linux 6.12
Linux/Linux 6.12.36 - 6.12.*
Linux/Linux 6.15.5 - 6.15.*
Linux/Linux 6.16
Linux/Linux a8edbb424b1391b077407c75d8f5d2ede77aa70d - 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b
Linux/Linux a8edbb424b1391b077407c75d8f5d2ede77aa70d - 50998b0ae7d9d552e96d8b7239981cf05f65eff5
Linux/Linux a8edbb424b1391b077407c75d8f5d2ede77aa70d - f16769241594be59387b56ab525e327f54377e60
Published Dec 04, 2025
Tracked Since Feb 18, 2026