Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix io_req_prep_async with provided buffers

io_req_prep_async() can import provided buffers, commit the ring state
by giving up on that before, it'll be reimported later if needed.

Classification

CVE ID: CVE-2025-40364

Affected Products

Vendor: Linux

Product: Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40364
https://git.kernel.org/stable/c/a1b17713b32c75a90132ea2f92b1257f3bbc20f3
https://git.kernel.org/stable/c/a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3

Timeline