CVE-2025-39822 — Incorrect Conversion between Numeric Types in Linux

CWE-681 — Incorrect Conversion between Numeric Types5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 94.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 16

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: fix signedness in this_len calculation When importing and using buffers, buf->len is considered unsigned. However, buf->len is converted to signed int when committing. This can lead to unexpected behavior if the buffer is large enough to be interpreted as a negative value. Make min_t calculation unsigned.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.12 — 6.16.5+1

▶Debianlinux/linux_kernel< 6.16.5-1

▶CVEListV5linux/linuxcf9536e550dd243a1681fdbf804221527da20a80 — f4f411c068402c370c4f9a9d4950a97af97bbbb1+2

▶debiandebian/linux< linux 6.16.5-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-5xmf-424g-jjhg: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: fix signedness in this_len calculation When importing and using b↗2025-09-16

▶

OSV

CVE-2025-39822: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: fix signedness in this_len calculation When importing and using buf↗2025-09-16

▶

📋Vendor Advisories

Red Hat

kernel: io_uring/kbuf: fix signedness in this_len calculation↗2025-09-16

▶

Debian

CVE-2025-39822: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/kb...↗2025

▶