CVE-2026-23263

MEDIUM

io_uring/zcrx: fix page array leak

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but didn't free the page array, release it as well.

Scores

CVSS v3 5.5
EPSS 0.0010
EPSS Percentile 1.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (9)
linux/Kernel 6.17.0 - 6.18.10linux
Linux/Linux < 6.17
Linux/Linux 6.17
Linux/Linux 6.18.10 - 6.18.*
Linux/Linux 6.19
Linux/Linux b84621d96ee0221e0bfbf9f477bbec7a5077c464 - 0ae91d8ab70922fb74c22c20bedcb69459579b1c
Linux/Linux b84621d96ee0221e0bfbf9f477bbec7a5077c464 - 64cf3016234ce8a6e4195ed1b2d9e2a1ae41b57d
linux/linux_kernel 6.19 rc1 (8 CPE variants)
linux/linux_kernel 6.17 - 6.18.10
Published Mar 18, 2026
Tracked Since Mar 18, 2026