PatchSiren cyber security CVE debrief
CVE-2026-23259 Linux CVE debrief
A memory leak vulnerability in the Linux kernel's io_uring subsystem could allow a local attacker to cause a denial of service condition. The flaw occurs in the read/write path when a request with an allocated iovec fails to be placed into the rw_cache during cleanup, leaving the iovec pointer unaccounted for and resulting in a memory leak. The fix introduces a return value from io_rw_recycle() to indicate whether the request was successfully recycled, enabling proper conditional freeing of the iovec.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-18
- Original CVE updated: 2026-05-29
- Advisory published: 2026-03-18
- Advisory updated: 2026-05-29
Who should care
Linux system administrators, kernel maintainers, cloud infrastructure operators, and security teams managing hosts that expose io_uring capabilities to untrusted or partially trusted local users
Technical summary
The io_uring subsystem in the Linux kernel contains a memory leak in its read/write request cleanup path. When io_req_rw_cleanup() processes a read/write request that has an allocated iovec attached, and the attempt to place that request into the rw_cache fails, the iovec pointer would previously be left unaccounted for, causing a memory leak. The resolution modifies io_rw_recycle() to return whether it successfully recycled the request, allowing the cleanup function to conditionally free the iovec only when recycling fails. This is a local vulnerability requiring privileges to submit io_uring operations, with availability impact as the primary concern.
Defensive priority
medium
Recommended defensive actions
- Apply the relevant kernel patches from the stable kernel tree to affected systems
- Upgrade to Linux kernel version 6.18.10 or later, or apply vendor-specific patched versions
- Monitor systems running io_uring-intensive workloads for abnormal memory consumption patterns
- Until the patch is applied, restart services that use io_uring if memory leak symptoms are observed
- Validate kernel version and io_uring usage in containerized and virtualized environments where local access may be more broadly available
Evidence notes
The vulnerability description indicates this is a resolved Linux kernel issue in the io_uring read/write implementation. The fix modifies io_rw_recycle() to return a boolean indicating successful recycling, which io_req_rw_cleanup() uses to determine whether to free a potentially allocated iovec. Two patch commits are referenced. CPE criteria indicate affected versions from 6.10 through 6.18.10, plus 6.19 release candidates rc1 through rc6.
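As an added check for the "validate kernel version" action above (example code written for this debrief, not PatchSiren's or the kernel project's own), the following POSIX shell function maps a `uname -r` string onto the version ranges from the evidence notes, treating 6.18.10 as the first fixed release as the upgrade advice states. It assumes that a match means "check the vendor advisory", since distribution kernels often carry backported fixes under an older version number.

```shell
#!/bin/sh
# Classify a kernel release string against the CVE-2026-23259 affected ranges:
#   6.10 up to (but not including) 6.18.10, plus 6.19-rc1 through 6.19-rc6.
# Exit status: 0 = inside an affected range, 1 = outside it, 2 = unparseable.
cve_2026_23259_affected() {
    rel=$1
    base=${rel%%-*}                      # "6.19.0-rc3-custom" -> "6.19.0"
    rc=0
    case $rel in
        *-rc[0-9]*) rc=${rel##*-rc}; rc=${rc%%[!0-9]*} ;;   # -> "3"
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=0
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;   # drop trailing junk
    esac
    for f in "$major" "$minor" "$patch"; do
        case $f in ''|*[!0-9]*) return 2 ;; esac           # not a version at all
    done
    [ "$major" -eq 6 ] || return 1
    if [ "$minor" -ge 10 ] && [ "$minor" -le 17 ]; then return 0; fi
    if [ "$minor" -eq 18 ] && [ "$patch" -lt 10 ]; then return 0; fi
    if [ "$minor" -eq 19 ] && [ "$rc" -ge 1 ] && [ "$rc" -le 6 ]; then return 0; fi
    return 1
}

# Human-readable label for one release string (e.g. the output of `uname -r`).
classify_release() {
    if cve_2026_23259_affected "$1"; then
        echo affected
    elif [ $? -eq 1 ]; then
        echo not-affected
    else
        echo unparseable
    fi
}

# Constructed sample inputs standing in for `uname -r` on several hosts.
for r in 6.9.12 6.10.0 6.18.9-arch1-1 6.18.10 6.19.0-rc3 6.19.0-rc7 6.19.0 not-a-kernel; do
    printf '%-16s %s\n' "$r" "$(classify_release "$r")"
done
```

Run it on a fleet by feeding each host's `uname -r` to `classify_release`; an "affected" result is the cue to confirm against the distribution's changelog before deciding the host still needs the 6.18.10 update.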
Official resources
- CVE-2026-23259 CVE record (CVE.org)
- CVE-2026-23259 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch