CVE-2026-23259
- Source
- https://cve.org/CVERecord?id=CVE-2026-23259
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23259.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23259
- Downstream
- Published
- 2026-03-18T17:41:05.827Z
- Modified
- 2026-04-02T13:12:19.033127Z
- Summary
- io_uring/rw: free potentially allocated iovec on cache put failure
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: free potentially allocated iovec on cache put failure
If a read/write request goes through ioreqrwcleanup() and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iovec pointer. Have iorwrecycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23259.json" }- References
-
- https://git.kernel.org/stable/c/1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c
- https://git.kernel.org/stable/c/4b9748055457ac3a0710bf210c229d01ea1b01b9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23259.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23259
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git