Linux Kernel io_uring zctx Chained Notification Context Verification
CVE-2025-68317 Published on December 16, 2025
io_uring/zctx: check chained notif contexts
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zctx: check chained notif contexts
Send zc only links ubuf_info for requests coming from the same context.
There are some ambiguous syz reports, so let's check the assumption on
notification completion.
Products Associated with CVE-2025-68317
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-68317 are published in these products:
Affected Versions
Linux:- Version 6fe4220912d19152a26ce19713ab232f4263018d and below aaafd17d3f4be2c15539359a5b4bfa00237f687f is affected.
- Version 6fe4220912d19152a26ce19713ab232f4263018d and below d664a3ce3a604231a0b144c152a3755d03b18b60 is affected.
- Version 6fe4220912d19152a26ce19713ab232f4263018d and below ab3ea6eac5f45669b091309f592c4ea324003053 is affected.
- Version 6.10 is affected.
- Before 6.10 is unaffected.
- Version 6.12.58, <= 6.12.* is unaffected.
- Version 6.17.8, <= 6.17.* is unaffected.
- Version 6.18, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.