Linux Kernel io_uring Sgtable Leak Vulnerability in zcrx Component

Vulnerability

A vulnerability exists in the Linux kernel's io_uring/zcrx component, where a mapping failure can lead to a memory leak. The issue arises on machines with PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA: when mapping fails, the io_zcrx_map_area() function leaves an initialized scatter-gather table unfreed. The table was meant to be freed on the error-handling path, but the '!is_mapped' condition prevents this cleanup.

Impact

The vulnerability can cause a memory leak by failing to properly free an initialized scatter-gather table after a mapping error, potentially leading to increased memory usage.

Reproduction

The vulnerability can be reproduced by triggering a mapping failure in the io_uring/zcrx component on a machine with PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA. This failure will cause the io_zcrx_map_area() function to leave an initialized scatter-gather table unfreed, creating a memory leak.
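The leak pattern described above, as an added user-space model (not kernel code and not the upstream patch): cleanup gated on is_mapped skips a table that was initialized before the mapping step failed. Every name except is_mapped is hypothetical, and the second cleanup variant is only one possible way to close the gap.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name except is_mapped is hypothetical. */
struct area {
    void *sgt;       /* stands in for the scatter-gather table */
    bool is_mapped;  /* set only once the whole mapping has succeeded */
};
static int live_tables;  /* tables initialised and not yet freed */
static void table_init(struct area *a) { a->sgt = malloc(64); if (a->sgt) live_tables++; }
static void table_free(struct area *a) { free(a->sgt); a->sgt = NULL; live_tables--; }
/* Leaky cleanup: gated on is_mapped, which a failed mapping never sets. */
static void unmap_leaky(struct area *a)
{
    if (!a->is_mapped)
        return;
    table_free(a);
    a->is_mapped = false;
}

/* Cleanup keyed on the table itself, so a half-built area is released too. */
static void unmap_keyed_on_table(struct area *a)
{
    if (a->sgt)
        table_free(a);
    a->is_mapped = false;
}

/* Number of tables still allocated after one failed mapping attempt. */
int leaked_after_failure(bool keyed_on_table)
{
    struct area a = {0};
    live_tables = 0;
    table_init(&a);  /* the mapping step then "fails": is_mapped stays false */
    if (keyed_on_table)
        unmap_keyed_on_table(&a);  /* error path */
    else
        unmap_leaky(&a);           /* error path */
    int leaked = live_tables;
    free(a.sgt);  /* tidy up the model's own allocation */
    return leaked;
}

int main(void)
{
    printf("leaky: %d, keyed on table: %d\n", leaked_after_failure(false), leaked_after_failure(true));
    return 0;
}
```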

Remediation

Users can apply the patch available in the Linux kernel stable tree to address this vulnerability.

Added: May 6, 2026, 1:43 PM
Updated: May 6, 2026, 1:43 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.