Vulnerability in Linux Kernel Affecting io_uring Functionality
CVE-2025-40291

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 8 December 2025

What is CVE-2025-40291?

A vulnerability has been identified in the Linux kernel's io_uring functionality: the io_estimate_bvec_size() function truncates the calculated number of segments. This improper handling of integer values can lead to data corruption, which could jeopardize the integrity of system operations. Users should stay informed about the implications and apply the necessary kernel updates to mitigate these risks.

Affected Version(s)

Linux 9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 < 826ce37a842633efe1bb763e4b13045d74060d72

Linux 9ef4cbbcb4ac3786a1a4164507511b76b2a572c5 < 146eb58629f45f8297e83d69e64d4eea4b28d972

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved