CVE-2025-68317

low

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zctx: check chained notif contexts

Send zc only links ubuf_info for requests coming from the same context. There are some ambiguous syz reports, so let's check the assumption on notification completion.

References

https://git.kernel.org/stable/c/d664a3ce3a604231a0b144c152a3755d03b18b60

https://git.kernel.org/stable/c/ab3ea6eac5f45669b091309f592c4ea324003053

https://git.kernel.org/stable/c/aaafd17d3f4be2c15539359a5b4bfa00237f687f

Details

Source: Mitre, NVD

Published: 2025-12-16

Updated: 2025-12-18

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00017