Memory Leak Vulnerability in Linux Kernel Affecting io_uring Functionality
CVE-2025-40267

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 6 December 2025

What is CVE-2025-40267?

A vulnerability exists in the Linux kernel's io_uring functionality that may lead to a memory leak under certain conditions. Specifically, when internal caches overflow, allocated iovecs can remain in memory if a request is aborted early. This issue stems from a previous update that did not adequately handle early cleanup, necessitating the restoration of a forced free mechanism to prevent potential memory leaks.

Affected Version(s)

Linux 9ac273ae3dc296905b4d61e4c8e7a25592f6d183 < 094c6467fe05e0de618c5a7fcff4d3ee20aeaef8

Linux 9ac273ae3dc296905b4d61e4c8e7a25592f6d183

Linux 6.14

Timeline

  • Vulnerability published

  • Vulnerability Reserved
