CVE-2026-23263
Memory Leak in Linux Kernel io_uring Component Fixed
Publication date: 2026-03-18
Last updated on: 2026-05-22
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.17 (inc) to 6.18.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the io_uring subsystem, specifically related to the zcrx component. The issue was a page array leak where, although leaking pages on scatter-gather (sg) initialization failure were fixed, the page array itself was not freed properly. The fix ensures that the page array is also released, preventing resource leakage.
How can this vulnerability impact me? :
The vulnerability can lead to resource leakage in the Linux kernel, specifically leaking memory pages and page arrays during certain io_uring operations. This could potentially degrade system performance or stability over time due to unreleased memory resources.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know