CVE-2025-40046

EPSS 0.03%
Veröffentlicht 28.10.2025 11:48:24
Zuletzt bearbeitet 30.10.2025 15:05:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix overshooting recv limit

It's reported that sometimes a zcrx request can receive more than was
requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for
all received buffers including frag lists, but then doing recursive
calls to process frag list skbs, which leads to desc->count double
accounting and underflow.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8bcc9eaf1b19f1a7029cba19f6bd4122b40f6c4f

Version 6699ec9a23f85f1764183430209c741847c45f12

Status affected

Version < 09cfd3c52ea76f43b3cb15e570aeddf633d65e80

Version 6699ec9a23f85f1764183430209c741847c45f12

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.15

Status affected

Version < 6.15

Version 0

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/8bcc9eaf1b19f1a7029cba19f6bd4122b40f6c4f

https://git.kernel.org/stable/c/09cfd3c52ea76f43b3cb15e570aeddf633d65e80

https://nvd.nist.gov/vuln/detail/CVE-2025-40046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40046

EUVD