CVE-2025-40267 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime15 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 89.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 6

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: ensure allocated iovec gets cleared for early failure A previous commit reused the recyling infrastructure for early cleanup, but this is not enough for the case where our internal caches have overflowed. If this happens, then the allocated iovec can get leaked if the request is also aborted early. Reinstate the previous forced free of the iovec for that situation.

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.14.0 — 6.17.9

▶Debianlinux/linux_kernel< 6.17.9-1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linux9ac273ae3dc296905b4d61e4c8e7a25592f6d183 — 094c6467fe05e0de618c5a7fcff4d3ee20aeaef8+2

▶debiandebian/linux< linux 6.17.9-1 (forky)

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: io_uring/rw: ensure allocated iovec gets cleared for early failure↗2025-12-06

▶