CVE-2026-23259
MEDIUMio_uring/rw: free potentially allocated iovec on cache put failure
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iovec pointer. Have io_rw_recycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.
References (2)
Core 2
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
1.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (11)
linux/Kernel
6.10.0 - 6.18.10linux
Linux/Linux
< 6.10
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4b9748055457ac3a0710bf210c229d01ea1b01b9
Linux/Linux
6.10
Linux/Linux
6.18.10 - 6.18.*
Linux/Linux
6.19
Linux/Linux
a9165b83c1937eeed1f0c731468216d6371d647f - 1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c
Linux/Linux
a9165b83c1937eeed1f0c731468216d6371d647f - 4b9748055457ac3a0710bf210c229d01ea1b01b9
linux/linux_kernel
6.19 rc1 (6 CPE variants)
... and 1 more
Published
Mar 18, 2026
Tracked Since
Mar 18, 2026