CVE-2026-43366
Published: May 8, 2026
Modified: May 11, 2026
CVSS v3.1: 7.8
Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/kbuf: check if target buffer list is still legacy on recycle

There's a gap between when the buffer was grabbed and when it potentially gets recycled, where if the list is empty, someone could've upgraded it to a ring provided type. This can happen if the request is forced via io-wq. The legacy recycling is missing checking if the buffer_list still exists, and if it's of the correct type. Add those checks.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected c7fb19428d67dd0a2a78a4f237af01d39c78dc5a - < a7b33671e418fca507feebd1d56e7f4952a4b25c; affected c7fb19428d67dd0a2a78a4f237af01d39c78dc5a - < 439a6728ec4641ffad1ca796622c19bc525e570f; affected c7fb19428d67dd0a2a78a4f237af01d39c78dc5a - < f3fb54e7a8b4aadcc2836ee463eec8c88709b8aa; affected c7fb19428d67dd0a2a78a4f237af01d39c78dc5a - < 50ad880db3013c6fee0ef13781762a39e2e7ef83; affected c7fb19428d67dd0a2a78a4f237af01d39c78dc5a - < 97b57f69fee1b61b41acbf37e7720cac9d389fa4; +1 more versions |
| Linux | Linux | affected 5.19; unaffected 0 - < 5.19; unaffected 6.1.167 - <= 6.1.*; unaffected 6.6.130 - <= 6.6.*; unaffected 6.12.78 - <= 6.12.*; +3 more versions |

CVSS v3.1 Details
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High