Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix page array leak

d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed
a page leakage but didn't free the page array, release it as well.
Published: 2026-03-18
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel's io_uring/zcrx subsystem had a memory leak on the path where sg initialization fails: a page array was allocated but never freed, resulting in uncontrolled kernel memory consumption. This flaw can lead to memory exhaustion and potential system instability, and matches the weakness CWE-401 (Missing Release of Memory after Effective Lifetime).

Affected Systems

All Linux kernels that implement the io_uring/zcrx API before the commit referenced in the advisory are affected. No specific kernel version numbers are provided, so any installation that has not applied the commit that fixed the leak remains vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of < 1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation requires local access with the ability to invoke io_uring system calls. Given these metrics and the confirmed vulnerability, the risk for systems heavily using io_uring can be considered moderate to high, though the low EPSS suggests exploitation is not currently prevalent.

Generated by OpenCVE AI on May 26, 2026 at 16:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch titled "io_uring/zcrx: fix page array leak", the follow-up to commit d9f595b9a65e that also frees the page array when sg initialization fails.
  • Reboot the system or reload the kernel to ensure the updated code is in use.
  • If your current kernel cannot be patched, upgrade to a newer stable release that includes the fix, such as Linux 6.19 stable or later.



Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 19 Mar 2026 00:15:00 +0000


Wed, 18 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but didn't free the page array, release it as well.
Title io_uring/zcrx: fix page array leak
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:03:28.689Z

Reserved: 2026-01-13T15:37:45.990Z

Link: CVE-2026-23263

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-18T18:16:24.950

Modified: 2026-05-22T20:58:36.073

Link: CVE-2026-23263

Red Hat

Severity:

Public Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23263 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-26T16:15:09Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime