CVE-2025-39793
In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflowing. In practice this isn't much of a concern as the required memory size will have been validated upfront, and accounted to the user. And > 4GB sizes will be necessary to make the lack of a cast a problem, which greatly exceeds normal user locked_vm settings that are generally in the kb to mb range. However, if root is used, then accounting isn't done, and then it's possible to hit this issue.
EPSS 0.02% · 4.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.15.11, 087f997870a948820ec366701d178f402c6a23a3, 6.14 |
| linux | linux_kernel | 6.14, 6.14, 6.16 |
Exploit Intelligence
Timeline
- Sep 12, 2025 CVE Published
- Sep 13, 2025 EPSS Score
- Sep 20, 2025 EPSS Score
- Sep 27, 2025 EPSS Score
- Oct 5, 2025 EPSS Score
- Oct 12, 2025 EPSS Score
- Oct 19, 2025 EPSS Score
- Oct 26, 2025 EPSS Score
- Nov 2, 2025 EPSS Score
- Nov 10, 2025 EPSS Score
- Nov 17, 2025 EPSS Score
- Nov 20, 2025 CVE Updated