CVE-2025-40291

Linux Kernel 6.15-6.17.7 - Integer Overflow in io_uring regbuf Vector Size Calculation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can be improved on top.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/826ce37a842633efe1bb763e4b13045d74060d72

Patch

https://git.kernel.org/stable/c/146eb58629f45f8297e83d69e64d4eea4b28d972

Scores

EPSS 0.0003

EPSS Percentile 8.0%

Details

Status published

Products (7)

linux/Kernel 6.15.0 - 6.17.8linux

Linux/Linux < 6.15

Linux/Linux 6.15

Linux/Linux 6.17.8 - 6.17.*

Linux/Linux 6.18

Linux/Linux 9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 - 146eb58629f45f8297e83d69e64d4eea4b28d972

Linux/Linux 9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 - 826ce37a842633efe1bb763e4b13045d74060d72

Published Dec 08, 2025

Tracked Since Feb 18, 2026