CVE-2025-39793 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39793 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflowing. In practice this isn't much of a concern as the required memory size will have been validated upfront, and accounted to the user. And > 4GB sizes will be necessary to make the lack of a cast a problem, which greatly exceeds normal user locked_vm settings that are generally in the kb to mb range. However, if root is used, then accounting isn't done, and then it's possible to hit this issue.

EPSS 0.01% · 1.8th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.01%

1.8th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	087f997870a948820ec366701d178f402c6a23a3, 087f997870a948820ec366701d178f402c6a23a3, 087f997870a948820ec366701d178f402c6a23a3
linux	linux_kernel	6.14, 6.14, 6.14

Timeline

Sep 12, 2025 CVE Published
Sep 13, 2025 EPSS Score
Sep 20, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 10, 2025 EPSS Score
Oct 16, 2025 EPSS Score
Oct 23, 2025 EPSS Score
Oct 30, 2025 EPSS Score
Nov 5, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 19, 2025 EPSS Score

References

Open in Interactive Console →