CVE-2025-68294

Linux Kernel 6.15-6.17.11 - Use-After-Free in io_uring Vectored Buffer Import

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. For non-vectored imports, sr->notif is correctly used. This is important as the lifetime of the two may be different. Use the correct io_kiocb for the vectored buffer import.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/14459281e027f23b70885c1cc1032a71c0efd8d7

Patch

https://git.kernel.org/stable/c/f6041803a831266a2a5a5b5af66f7de0845bcbf3

Scores

EPSS 0.0003

EPSS Percentile 7.8%

Details

Status published

Products (7)

linux/Kernel 6.15.0 - 6.17.11linux

Linux/Linux < 6.15

Linux/Linux 23371eac7d9a9bca5360cfb3eb3aa08648ee7246 - 14459281e027f23b70885c1cc1032a71c0efd8d7

Linux/Linux 23371eac7d9a9bca5360cfb3eb3aa08648ee7246 - f6041803a831266a2a5a5b5af66f7de0845bcbf3

Linux/Linux 6.15

Linux/Linux 6.17.11 - 6.17.*

Linux/Linux 6.18

Published Dec 16, 2025

Tracked Since Feb 18, 2026