VDB

CVE-2025-39793

CVE-2025-39793 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflowing. In practice this isn't much of a concern as the required memory size will have been validated upfront, and accounted to the user. And > 4GB sizes will be necessary to make the lack of a cast a problem, which greatly exceeds normal user locked_vm settings that are generally in the kb to mb range. However, if root is used, then accounting isn't done, and then it's possible to hit this issue.

EPSS 0.02% · 4.6th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
4.6th percentile

Affected Products

VendorProductVersions
LinuxLinux6.15.11, 087f997870a948820ec366701d178f402c6a23a3, 6.14
linuxlinux_kernel6.14, 6.14, 6.16

Timeline

  • Sep 12, 2025 CVE Published
  • Sep 13, 2025 EPSS Score
  • Sep 20, 2025 EPSS Score
  • Sep 27, 2025 EPSS Score
  • Oct 5, 2025 EPSS Score
  • Oct 12, 2025 EPSS Score
  • Oct 19, 2025 EPSS Score
  • Oct 26, 2025 EPSS Score
  • Nov 2, 2025 EPSS Score
  • Nov 10, 2025 EPSS Score
  • Nov 17, 2025 EPSS Score
  • Nov 20, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›