CVE-2026-43366
Linux Kernel io_uring Buffer List Recycling Flaw
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's io_uring subsystem, specifically in the kbuf (kernel buffer) handling during buffer recycling. There is a timing gap between when a buffer is grabbed and when it is recycled. During this gap, if the buffer list is empty, it is possible that the buffer list could have been upgraded to a ring-provided type. However, the legacy recycling process does not check whether the buffer list still exists or if it is of the correct type, which can lead to improper handling of buffers.
How can this vulnerability impact me? :
The vulnerability could lead to incorrect buffer recycling in the Linux kernel's io_uring subsystem. This improper handling might cause unexpected behavior or instability in the kernel, potentially leading to system crashes or security issues related to memory management. However, specific impacts such as privilege escalation or data corruption are not detailed in the provided information.