๐Ÿ” CVE Alert

CVE-2025-40046

UNKNOWN 0.0

io_uring/zcrx: fix overshooting recv limit

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix overshooting recv limit

It's reported that sometimes a zcrx request can receive more than was requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers including frag lists, but then doing recursive calls to process frag list skbs, which leads to desc->count double accounting and underflow.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Oct 28, 2025
Last Updated May 11, 2026

Affected Versions

Linux / Linux
6699ec9a23f85f1764183430209c741847c45f12 < 8bcc9eaf1b19f1a7029cba19f6bd4122b40f6c4f
6699ec9a23f85f1764183430209c741847c45f12 < 09cfd3c52ea76f43b3cb15e570aeddf633d65e80
Linux / Linux
6.15

References

git.kernel.org: https://git.kernel.org/stable/c/8bcc9eaf1b19f1a7029cba19f6bd4122b40f6c4f
git.kernel.org: https://git.kernel.org/stable/c/09cfd3c52ea76f43b3cb15e570aeddf633d65e80