CVE-2025-68317

Linux Kernel 6.10-6.12.57, 6.13-6.17.7 - Use-After-Free in io_uring Notification Context Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zctx: check chained notif contexts

Send zc only links ubuf_info for requests coming from the same context. There are some ambiguous syz reports, so let's check the assumption on notification completion.

Scores

EPSS 0.0002
EPSS Percentile 7.0%

Details

Status published
Products (10)
linux/Kernel 6.10.0 - 6.12.58
linux/Kernel 6.13.0 - 6.17.8
Linux/Linux < 6.10
Linux/Linux 6.10
Linux/Linux 6.12.58 - 6.12.*
Linux/Linux 6.17.8 - 6.17.*
Linux/Linux 6.18
Linux/Linux 6fe4220912d19152a26ce19713ab232f4263018d - aaafd17d3f4be2c15539359a5b4bfa00237f687f
Linux/Linux 6fe4220912d19152a26ce19713ab232f4263018d - ab3ea6eac5f45669b091309f592c4ea324003053
Linux/Linux 6fe4220912d19152a26ce19713ab232f4263018d - d664a3ce3a604231a0b144c152a3755d03b18b60
Published Dec 16, 2025
Tracked Since Feb 18, 2026