CVE-2024-53187

MEDIUM 5.5

io_uring: check for overflows in io_pin_pages

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: io_uring: check for overflows in io_pin_pages WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144 CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0 Call Trace: <TASK> __io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183 io_rings_map io_uring/io_uring.c:2611 [inline] io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470 io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692 io_uring_setup io_uring/io_uring.c:3781 [inline] ... </TASK> io_pin_pages()'s uaddr parameter came directly from the user and can be garbage. Don't just add size to it as it can overflow.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 27, 2024
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

2b188cc1bb857a9d4701ae59aa7768b5124e262e < 29eac3eca72d4c2a71122050c37cd7d8f73ac4f3 2b188cc1bb857a9d4701ae59aa7768b5124e262e < aaa90844afd499c9142d0199dfda74439314c013 2b188cc1bb857a9d4701ae59aa7768b5124e262e < 0c0a4eae26ac78379d0c1db053de168a8febc6c9

Linux / Linux

5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/29eac3eca72d4c2a71122050c37cd7d8f73ac4f3 git.kernel.org: https://git.kernel.org/stable/c/aaa90844afd499c9142d0199dfda74439314c013 git.kernel.org: https://git.kernel.org/stable/c/0c0a4eae26ac78379d0c1db053de168a8febc6c9