Volerion logoVolerion
Volerion logoVolerion

Linux Kernel io_uring User Pointer Alignment Vulnerability

Vulnerability

A vulnerability in the Linux kernel's io_uring resource management has been addressed. The issue arose because user pointers do not guarantee proper alignment, yet the kernel's handling of these pointers after coalescing multi-hugepage buffers relied on a flawed bit masking method. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to incorrect buffer handling in io_uring, potentially causing resource management issues or memory-related errors.

Reproduction

The vulnerability can be reproduced by registering a buffer with user pointers that are not properly aligned. This can be done by using io_uring's buffer coalescing feature with multi-hugepage buffers, which may expose the misalignment issue during the coalescing process.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.

Added: Dec 4, 2025, 3:25 PM
Updated: Dec 4, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
1.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.