Linux Kernel Vectored Buffer Notification Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's io_uring component has been addressed. The import of vectored registered buffers was tied to the request ('req') instead of the appropriate notification io_kiocb ('sr->notif'). This mismatch is critical because the lifetimes of the two can differ. The vulnerability affected the Linux kernel stable tree.
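
The lifetime mismatch described above, shown as a simplified userspace model. This is an added example, not kernel code and not the upstream fix: every struct and function name is hypothetical, and it assumes the notification completes after the request does.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; these are NOT the kernel's definitions. */
struct reg_buf { int pins; bool released; };            /* a registered buffer */
struct kiocb_model { struct reg_buf *buf_node; };       /* stands in for an io_kiocb */

/* Import pins the buffer on behalf of `owner`; the pin lives as long as owner. */
static void import_reg_vec(struct kiocb_model *owner, struct reg_buf *buf)
{
    buf->pins++;
    owner->buf_node = buf;
}

/* Completing an object drops whatever buffer pin it owns. */
static void complete(struct kiocb_model *k)
{
    if (k->buf_node && --k->buf_node->pins == 0)
        k->buf_node->released = true;   /* buffer is no longer protected */
    k->buf_node = NULL;
}

/*
 * Returns true if the buffer is still pinned at the point where the request
 * has completed but the notification is still pending (assumed ordering).
 */
static bool buffer_alive_while_notif_pending(bool bind_to_notif)
{
    struct reg_buf buf = { .pins = 0, .released = false };
    struct kiocb_model req = { NULL }, notif = { NULL };

    /* Flawed form binds the import to req; corrected form binds it to notif. */
    import_reg_vec(bind_to_notif ? &notif : &req, &buf);

    complete(&req);                     /* request finishes first */
    bool alive = !buf.released;         /* notification still refers to buf here */
    complete(&notif);                   /* notification finishes later */
    return alive;
}

int main(void)
{
    printf("bound to req:   buffer alive for notif = %d\n",
           buffer_alive_while_notif_pending(false));
    printf("bound to notif: buffer alive for notif = %d\n",
           buffer_alive_while_notif_pending(true));
    return 0;
}
```

In the model, binding the import to the request drops the only pin when the request completes, leaving the pending notification without a protected buffer; binding it to the notification keeps the pin until the notification itself completes.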

Impact

The vulnerability could lead to improper handling of vectored buffer notifications, potentially causing issues in buffer management and data integrity during I/O operations.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree to address this vulnerability.

Added: Dec 16, 2025, 6:28 PM
Updated: Dec 16, 2025, 6:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.