CVE-2025-39793
BaseFortify
Publication date: 2025-09-12
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's io_uring memory mapping code occurs because the number of pages (nr_pages) was not cast to size_t before shifting, which can cause an integer overflow if the allocated size exceeds UINT_MAX. This overflow can lead to incorrect memory size calculations. While normal users are generally protected due to memory size validations and limits, root users can trigger this issue because accounting is not done for them.
How can this vulnerability impact me? :
If exploited, this vulnerability could cause incorrect memory allocation calculations leading to potential memory corruption or unexpected behavior in the kernel. This is mainly a concern for root users who can bypass normal memory accounting, possibly resulting in system instability or security risks.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the io_uring/memmap issue is fixed. Avoid running processes as root that allocate memory sizes exceeding UINT_MAX without proper accounting. Applying the latest kernel patches that include the fix for casting nr_pages to size_t before shifting is recommended.