CVE-2026-23259

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s io uring/rw functionality where an allocated iovec may be freed incorrectly during a read/write request cleanup process. Specifically, if a read/write request proceeds through the io req rw cleanup() function with an allocated iovec and fails to be added to the rw cache, the iovec pointer may remain unaccounted for. The issue is addressed by modifying the io rw recycle() function to indicate whether the request was recycled, allowing for proper determination of whether to free the iovec. The vulnerable functions involved are io req rw cleanup() and io rw recycle().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.