CVE-2026-23259

MEDIUM

io_uring/rw: free potentially allocated iovec on cache put failure

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iovec pointer. Have io_rw_recycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.

Scores

CVSS v3 5.5
EPSS 0.0010
EPSS Percentile 1.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (11)
linux/Kernel 6.10.0 - 6.18.10linux
Linux/Linux < 6.10
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4b9748055457ac3a0710bf210c229d01ea1b01b9
Linux/Linux 6.10
Linux/Linux 6.18.10 - 6.18.*
Linux/Linux 6.19
Linux/Linux a9165b83c1937eeed1f0c731468216d6371d647f - 1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c
Linux/Linux a9165b83c1937eeed1f0c731468216d6371d647f - 4b9748055457ac3a0710bf210c229d01ea1b01b9
linux/linux_kernel 6.19 rc1 (6 CPE variants)
... and 1 more
Published Mar 18, 2026
Tracked Since Mar 18, 2026