CVE-2025-39793: Integer Overflow or Wraparound in Linux

Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 97.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 12

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/memmap: cast nr_pages to size_t before shifting

If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflowing. In practice this isn't much of a concern as the required memory size will have been validated upfront, and accounted to the user. And > 4GB sizes will be necessary to make the lack of a cast a problem, which greatly exceeds normal user lock

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 6.14, 6.15.11, +1
Debian | linux/linux_kernel | < 6.16.3-1
CVEListV5 | linux/linux | 087f997870a948820ec366701d178f402c6a23a3, c6a2706e08b8a1b2d3740161c0977d38e596c1ee, +3
debian | debian/linux | < linux 6.16.3-1 (forky)

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-53xm-w39p-m328: In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size e | 2025-09-12
OSV | CVE-2025-39793: In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exc | 2025-09-12

📋 Vendor Advisories (2)

Red Hat | kernel: io_uring/memmap: cast nr_pages to size_t before shifting | 2025-09-12
Debian | CVE-2025-39793: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/me... | 2025
CVE-2025-39793 — Integer Overflow or Wraparound | cvebase