CVE-2025-40216
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: don't rely on user vaddr alignment
There is no guaranteed alignment for user pointers, however the
calculation of an offset of the first page into a folio after coalescing
uses some weird bit mask logic, get rid of it.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's io_uring resource management involves improper handling of user pointer alignment. The kernel code incorrectly assumes that user pointers have guaranteed alignment, but since there is no such guarantee, the calculation of an offset for the first page into a folio after coalescing uses flawed bit mask logic. The fix removes this incorrect reliance on pointer alignment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70