← Back to CVEs
CVE-2025-40046
N/ADescription
In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix overshooting recv limit It's reported that sometimes a zcrx request can receive more than was requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers including frag lists, but then doing recursive calls to process frag list skbs, which leads to desc->count double accounting and underflow.
CVE Details
CVSS v3.1 ScoreN/A
Published10/28/2025
Last Modified10/30/2025
Sourcenvd
Honeypot Sightings0
References
https://git.kernel.org/stable/c/09cfd3c52ea76f43b3cb15e570aeddf633d65e80(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/8bcc9eaf1b19f1a7029cba19f6bd4122b40f6c4f(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.