Linux Kernel Vulnerability in io_uring Buffer Handling
CVE-2025-39822
Currently unrated
What is CVE-2025-39822?
A vulnerability exists in the Linux kernel related to the io_uring buffer handling. This vulnerability arises due to the signedness of the buffer length ('buf->len'), which is treated as an unsigned value. When this length is converted to a signed integer upon committing, it can lead to overflow issues, particularly when dealing with large buffers. Such a scenario can result in unintended behavior and potential security risks. The issue has been addressed by modifying the min_t calculation to ensure it remains unsigned, thereby mitigating the risk of interpreting large buffer sizes as negative values.
Affected Version(s)
Linux ae98dbf43d755b4e111fcd086e53939bef3e9a1a
Linux ae98dbf43d755b4e111fcd086e53939bef3e9a1a
Linux 6.12