CVE-2026-23259Linux vulnerability

9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iovec pointer. Have io_rw_recycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.

Affected Packages3 packages

Linuxlinux/linux_kernel6.10.06.18.10
Debianlinux/linux_kernel< 6.18.10-1
CVEListV5linux/linuxa9165b83c1937eeed1f0c731468216d6371d647f1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c+2

🔴Vulnerability Details

4
GHSA
GHSA-q3hj-qw3j-gv7p: In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/wri2026-03-18
CVEList
io_uring/rw: free potentially allocated iovec on cache put failure2026-03-18
OSV
io_uring/rw: free potentially allocated iovec on cache put failure2026-03-18
OSV
CVE-2026-23259: In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write2026-03-18

📋Vendor Advisories

3
Red Hat
kernel: io_uring/rw: free potentially allocated iovec on cache put failure2026-03-18
Microsoft
io_uring/rw: free potentially allocated iovec on cache put failure2026-03-10
Debian
CVE-2026-23259: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/rw...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23259 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23259 — Linux vulnerability | cvebase