CVE-2026-45995

medium Red Hat
Published: May 27, 2026 (44 days ago)
Last Modified: May 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's io_uring/zcrx subsystem. This use-after-free (UAF) vulnerability occurs because the `io_free_rbuf_ring()` function uses a `struct user_struct` that is prematurely freed by `io_zcrx_ifq_free()` before the ring is destroyed. A local attacker could potentially exploit this flaw to achieve privilege escalation or execute arbitrary code, leading to a compromise of the system.

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References