CVE-2025-40216 — Linux vulnerability

6 documents5 sources

Severity

7.0HIGH

No vector

EPSS

0.0%

top 90.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 4

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.12.0 — 6.12.36+1

▶Debianlinux/linux_kernel< 6.12.37-1+1

▶CVEListV5linux/linuxa8edbb424b1391b077407c75d8f5d2ede77aa70d — 50998b0ae7d9d552e96d8b7239981cf05f65eff5+3

▶debiandebian/linux< linux 6.12.37-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-vv4p-ph8q-2hhx: In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignme↗2025-12-04

▶

OSV

io_uring/rsrc: don't rely on user vaddr alignment↗2025-12-04

▶

OSV

CVE-2025-40216: In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment↗2025-12-04

▶

📋Vendor Advisories

Red Hat

kernel: io_uring/rsrc: don't rely on user vaddr alignment↗2025-12-04

▶

Debian

CVE-2025-40216: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/rs...↗2025

▶