CVE-2026-23259

ANALYSIS PENDING

io_uring/rw: free potentially allocated iovec on cache put failure

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iovec pointer. Have io_rw_recycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c

https://git.kernel.org/stable/c/4b9748055457ac3a0710bf210c229d01ea1b01b9

Scores

EPSS 0.0003

EPSS Percentile 8.2%

Details

Status published

Products (9)

linux/Kernel 6.10.0 - 6.18.10linux

Linux/Linux < 6.10

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4b9748055457ac3a0710bf210c229d01ea1b01b9

Linux/Linux 6.10

Linux/Linux 6.18.10 - 6.18.*

Linux/Linux 6.19

Linux/Linux a9165b83c1937eeed1f0c731468216d6371d647f - 1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c

Linux/Linux a9165b83c1937eeed1f0c731468216d6371d647f - 4b9748055457ac3a0710bf210c229d01ea1b01b9

Published Mar 18, 2026

Tracked Since Mar 18, 2026