CVE-2026-45995

HIGH

io_uring/zcrx: fix user_struct uaf

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring() usees a struct user_struct, which io_zcrx_ifq_free() puts it down before destroying the ring.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/9feb88eeda6d288f93fcfb6bca563f89e316479d

https://git.kernel.org/stable/c/0fcccfd87152f957fa8312b841f6efef42a05a20

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 5.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (8)

Linux/Linux < 6.19

Linux/Linux 5c686456a4e83ef06c74d40be05c21a0ef136684 - 0fcccfd87152f957fa8312b841f6efef42a05a20

Linux/Linux 5c686456a4e83ef06c74d40be05c21a0ef136684 - 9feb88eeda6d288f93fcfb6bca563f89e316479d

Linux/Linux 6.19

Linux/Linux 7.0.4 - 7.0.*

Linux/Linux 7.1

Linux/Linux 7.1-rc1

linux/linux_kernel 6.19 - 7.0.4

Published May 27, 2026

Tracked Since May 27, 2026