CVE-2025-40364 — Missing Release of Memory after Effective Lifetime in Linux

CWE-401 — Missing Release of Memory after Effective Lifetime6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 77.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedApr 18

Latest updateSep 3

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel5.19 — 6.1.129+3

▶Debianlinux/linux_kernel< 6.1.129-1+2

▶CVEListV5linux/linuxc7fb19428d67dd0a2a78a4f237af01d39c78dc5a — 233b210a678bddf8b49b02a070074a52b87e6d43+7

▶debiandebian/linux< linux 6.1.129-1 (bookworm)

▶googlegoogle/chrome_chrome

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-24g7-95rm-cqcc: In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can im↗2025-04-18

▶

OSV

CVE-2025-40364: In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can impo↗2025-04-18

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-40364↗2025-09-03

▶

Red Hat

kernel: io_uring: fix io_req_prep_async with provided buffers↗2025-04-18

▶

Debian

CVE-2025-40364: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring: f...↗2025

▶