Linux Kernel io_uring Overshooting recv Limit Vulnerability

Vulnerability

A vulnerability in the Linux kernel's io_uring implementation can cause a zcrx (zero-copy receive) request to receive more data than the caller asked for. The root cause is that io_zcrx_recv_skb() counts received buffers incorrectly: buffers held in a socket buffer's fragment list are counted a second time, so the remaining-length counter is decremented twice for the same data and underflows, which removes the effective limit on how much is received. The vulnerability affects the stable version of the Linux kernel.
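The accounting failure described above, shown as an added, constructed model rather than the kernel's own code: the socket-buffer structure, the field names and the two functions recv_buggy() and recv_fixed() are hypothetical simplifications introduced here. The model follows the kernel convention that a buffer's total length already includes the bytes in its fragment list, so charging the total and then charging each fragment-list child again subtracts the child bytes twice; once the unsigned remaining budget passes zero it wraps to a huge value and the limit is gone. The corrected variant charges each buffer's own bytes exactly once and clamps every step to what is left.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified model of a socket buffer (not the kernel's sk_buff):
 * `len` is the total byte count, which by convention already includes the
 * bytes held in the frag_list children. */
struct model_skb {
    size_t len;                  /* total bytes: own bytes + all frag_list children */
    size_t own_len;              /* bytes carried by this buffer itself */
    struct model_skb *frag_list; /* first child buffer, or NULL */
    struct model_skb *next;      /* next sibling within a frag_list */
};

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Buggy accounting (hypothetical): charges the whole `len`, which already
 * covers the frag_list, and then walks the frag_list charging each child
 * again. The second charge can push `remaining` below zero, where it wraps. */
size_t recv_buggy(const struct model_skb *skb, size_t *remaining)
{
    size_t delivered = min_sz(skb->len, *remaining);
    *remaining -= delivered;
    for (const struct model_skb *c = skb->frag_list; c != NULL; c = c->next) {
        delivered += c->len;
        *remaining -= c->len; /* double charge: already included in skb->len; underflows */
    }
    return delivered;
}

/* Corrected accounting (hypothetical): charge each buffer's own bytes once,
 * clamp to the remaining budget, and recurse into the frag_list so children
 * with their own frag_lists are handled the same way. */
size_t recv_fixed(const struct model_skb *skb, size_t *remaining)
{
    size_t delivered = min_sz(skb->own_len, *remaining);
    *remaining -= delivered;
    for (const struct model_skb *c = skb->frag_list; c != NULL && *remaining > 0; c = c->next)
        delivered += recv_fixed(c, remaining);
    return delivered;
}

/* Constructed scenario: one buffer with 40 own bytes plus a 60-byte child
 * in its frag_list (total len 100), received against `limit` bytes.
 * Returns the number of bytes delivered; `leftover_after` reports the budget. */
size_t run_scenario(size_t limit, int use_fixed)
{
    struct model_skb child  = { .len = 60,  .own_len = 60, .frag_list = NULL,   .next = NULL };
    struct model_skb parent = { .len = 100, .own_len = 40, .frag_list = &child, .next = NULL };
    size_t remaining = limit;
    return use_fixed ? recv_fixed(&parent, &remaining) : recv_buggy(&parent, &remaining);
}

size_t leftover_after(size_t limit, int use_fixed)
{
    struct model_skb child  = { .len = 60,  .own_len = 60, .frag_list = NULL,   .next = NULL };
    struct model_skb parent = { .len = 100, .own_len = 40, .frag_list = &child, .next = NULL };
    size_t remaining = limit;
    if (use_fixed) recv_fixed(&parent, &remaining); else recv_buggy(&parent, &remaining);
    return remaining;
}

int main(void)
{
    /* With a 50-byte limit the buggy path delivers 110 bytes and leaves a
     * wrapped-around budget; the fixed path delivers exactly 50 and stops. */
    printf("buggy: delivered=%zu remaining=%zu\n", run_scenario(50, 0), leftover_after(50, 0));
    printf("fixed: delivered=%zu remaining=%zu\n", run_scenario(50, 1), leftover_after(50, 1));
    return 0;
}
```

The property worth checking in any receive path with a length budget is the one the fixed variant preserves: bytes delivered never exceed the limit, and the remaining counter is monotonically non-increasing and never wraps.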

Impact

Because a zcrx request can be completed with more data than its requested length, applications relying on that limit may misinterpret the received data or have their normal data-processing workflow disrupted.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability. The fix is included in the Linux kernel stable tree.

Added: Oct 28, 2025, 1:04 PM
Updated: Oct 28, 2025, 1:04 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          9.0
impact          0.6
exploitability  5.3
remediation     7.7
relevance       0.9
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.