DEBIAN-CVE-2025-40291

DEBIAN-CVE-2025-40291 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can be improved on top.

Affected Products

Vendor	Product	Versions
Debian:14	linux	6.12.41-1, 6.12.43-1, 6.12.43-1~bpo12+1

Timeline

Dec 8, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-40291 advisory

Open in Interactive Console →