Home

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. For non-vectored imports, sr->notif is correctly used. This is important as the lifetime of the two may be different. Use the correct io_kiocb for the vectored buffer import.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-16 | Updated 2025-12-16 | Assigner Linux

Product status

Default status
unaffected

23371eac7d9a9bca5360cfb3eb3aa08648ee7246 (git) before 14459281e027f23b70885c1cc1032a71c0efd8d7
affected

23371eac7d9a9bca5360cfb3eb3aa08648ee7246 (git) before f6041803a831266a2a5a5b5af66f7de0845bcbf3
affected

Default status
affected

6.15
affected

Any version before 6.15
unaffected

6.17.11 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/14459281e027f23b70885c1cc1032a71c0efd8d7

git.kernel.org/...c/f6041803a831266a2a5a5b5af66f7de0845bcbf3

cve.org (CVE-2025-68294)

nvd.nist.gov (CVE-2025-68294)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.